27 matches found
Cross-site Scripting (XSS)
WordPress is vulnerable to cross-site scripting (XSS) attacks. These attacks are possible because .js files can be uploaded without the unfiltered_html capability...
CVE-2017-17092
wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted file...
Zomato: [www.zomato.com] Unauthenticated access to Internal Sales Data of Zomato through an unrestricted endpoint
Internal sales dashboard was open. While running through the JS file I discovered a new endpoint; while reading further I found that it shouldn't have been accessible by anyone else apart from the admin. So, I started to find the correct POST request and within a few mins of fuzzing, I found the...
Mozilla Firefox nsTreeRange Use After Free - Ver2 (CVE-2011-0073)
A use-after-free vulnerability has been reported in Mozilla Firefox. The vulnerability is due to an error while handling user-defined functions in JavaScript (JS) files. A remote attacker may exploit this vulnerability by enticing users to open a specially crafted web page using an affected version...
ClamAV memory corruptions
Memory corruptions in JS and PE file parsing...
Ubuntu 14.04 LTS : Exuberant Ctags vulnerability (USN-2371-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2371-1 advisory. It was discovered that Exuberant Ctags incorrectly handled certain minified js files. An attacker could use this issue to possibly cause Exuberant Ctags to consum...
JVN#35605523: Cross-site scripting vulnerability in Access Analyzer CGI by futomi's CGI Cafe
Access Analyzer CGI, provided by futomi's CGI Cafe, is software for analyzing web access logs. Access Analyzer CGI contains a cross-site scripting vulnerability. This is caused by a particular method in which tags are embedded into the web page. Impact: An arbitrary script may be executed on the user...