The vulnerability of the Bookmarks component in Google Chrome allows a hacker to execute a JavaScript script on pages with the URL chrome://.

The vulnerability of the Bookmarks component in Google Chrome browser is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute a JavaScript script on the chrome:// page remotely, using a specially crafted tab...

Vmware ESXi Host Client Cross-Site Scripting Vulnerability

VMware ESXi is a bare-metal virtualization hypervisor from VMware that is installed directly on a physical server and divides the physical server into multiple virtual machines. The program features less disk space, higher reliability and security. A cross-site scripting vulnerability exists in...

Cross site scripting

October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...

CVE-2017-1000193

October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...

CVE-2017-1000193

October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...

October CMS Cross-Site Scripting Vulnerability (CNVD-2017-37277)

OctoberCMS is a CMS system based on Laravel PHP development framework. A cross-site scripting vulnerability exists in the brand logo image name in October CMS build 412. An attacker can exploit this vulnerability to execute JavaScript code in the victim's browser...

CVE-2017-7839

Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting self-XSS attacks where users are...

CVE-2017-7834

A "data:" URL loaded in a new tab did not inherit the Content Security Policy CSP of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this would allow for potentia...

CVE-2017-7733

A Cross-Site-Scripting XSS vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter...

UBUNTU-CVE-2017-5085

Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark...

Design/Logic Flaw

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...

CVE-2017-15911

The CVE-2017-15911 entry concerns Ignite Realtime Openfire Server prior to 4.1.7, where the Admin Console is vulnerable to cross-site scripting (XSS) via a crafted setup/setup-host-settings.jsp?domain= link. This allows arbitrary client-side JavaScript execution on victims after login, with poten...

GHSA-5J3G-JFQ3-7JWX Arbitrary JavaScript Execution in bassmaster

A vulnerability exists in bassmaster = 1.5.1 that allows for an attacker to provide arbitrary JavaScript that is then executed server side via eval. Recommendation Update to bassmaster version 1.5.2 or greater...

Arbitrary JavaScript Execution in bassmaster

A vulnerability exists in bassmaster = 1.5.1 that allows for an attacker to provide arbitrary JavaScript that is then executed server side via eval. Recommendation Update to bassmaster version 1.5.2 or greater...

antiquariat-vinke.de XSS vulnerability

Vulnerable URL: http://www.antiquariat-vinke.de/flashdetection.swf?flashContentURL=javascript:alert5389 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 18.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP...

Cross site scripting

Cross-Site Scripting exists in OctoberCMS 1.0.425 aka Build 425, allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account...

CVE-2017-15284

Cross-Site Scripting exists in OctoberCMS 1.0.425 aka Build 425, allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account...

OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting

OctoberCMS 1.0.425 Build 425 - Cross-Site Scripting Exploit Title: OctoberCMS 1.0.425 aka Build 425 Stored XSS Vendor Homepage: https://octobercms.com/ Software Link: https://octobercms.com/download Exploit Author: Ishaq Mohammed https://www.exploit-db.com/author/?a=9086 Contact:...

OctoberCMS 1.0.425 Cross Site Scripting

Exploit Title: OctoberCMS 1.0.425 aka Build 425 Stored XSS Vendor Homepage: https://octobercms.com/ Software Link: https://octobercms.com/download Exploit Author: Ishaq Mohammed https://packetstormsecurity.com/files/author/13150/ Contact: https://twitter.com/securityprince Website:...

CVE-2017-15215

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...