CVE-2026-7795

The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to insufficient escaping when embedding user-supplied shortcode attribute values inside JavaScript string...

CVE-2022-28873

A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit Javascript window.open functionality in SAFE Browser which could lead address bar spoofing attacks...

F-Secure SAFE 安全漏洞

F-Secure SAFE is a suite of antivirus software from the Finnish company F-Secure. A security vulnerability exists in F-Secure SAFE that originates in the Javascript window.open function that leads to an address bar spoofing attack...

UBUNTU-CVE-2018-6096

A JavaScript focused window could overlap the fullscreen notification in Fullscreen in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to obscure the full screen warning via a crafted HTML page...

Design/Logic Flaw

Mozilla Firefox allows for cookies to be set with a null domain aka "domainless cookies", which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window...