357 matches found
CVE-2020-4520
IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to inject malicious HTML code that when viewed by the authenticated victim would execute the code. IBM X-Force ID: 182395...
IBM Cognos Analytics Code Injection Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A code injection vulnerability...
Arbitrary Code Execution
chromium is vulnerable to arbitrary code execution. A remote attacker is able to exploit the heap corruption via a malicious HTML page...
Esri ArcGIS Server Cross-Site Scripting Vulnerability
Esri ArcGIS Server is a Web-oriented, enterprise-class software platform for geolocation services from Esri, Inc. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions prior to 10.9 and Enterprise versions prior to 10.9, which can be exploited to inject malicious HTML...
DEBIAN-CVE-2021-21194
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Quadbase EspressReports ES Cross-Site Request Forgery Vulnerability
Quadbase EspressReports ES is a software application from Quadbase, Inc. It provides special reporting and querying capabilities that allow users to create various queries and reports through a zero-client browser interface. A cross-site request forgery vulnerability exists in Quadbase...
Heap Buffer Overflow
chromium is vulnerable to heap buffer overflow. The vulnerability exists when an attacker sends a malicious HTML page, causing a heap corruption...
Content Spoofing
chromium is vulnerable to content spoofing. An insecure implementation allows an attacker who has compromised the renderer process to spoof contents of the Omnibox via a malicious HTML page...
Arbitrary Code Execution
chromium is vulnerable to arbitrary code execution. A heap-based buffer overflow in V8 allows a remote attacker to execute arbitrary code on the host OS through heap corruption via a malicious HTML page...
Arbitrary Code Execution
chromium is vulnerable to arbitrary code execution. A heap-based buffer overflow in Skia allows a remote attacker to exploit a heap corruption and execute arbitrary code on the host OS via a malicious HTML page...
Dell iDRAC XSS (DSA-2020-268)
Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to...
Logitech: Stored XSS on oslo.io in notifications via project name change
Hey Logitech team. Summary: It is possible for an editor on a project to rename a project to a malicious HTML element, which when opened in the notification dropdown will render and fire javascript. Steps To Reproduce: add details for how we can reproduce the issue 1. Invite user to join the...
Information Disclosure
chromium is vulnerable to information disclosure. Side-channel information leakage in autofill allows a remote attacker to obtain confidential information from process memory via a malicious HTML page...
Arbitrary Code Execution
chromium is vulnerable to arbitrary code execution. Heap buffer overflow in WebAudio allows a remote attacker to exploit a heap corruption via a malicious HTML page...
Content-Security Policy Bypass
chromium is vulnerable to content-security policy bypass. Insufficient policy enforcement in CSP allows a remote attacker to bypass content security policy via a malicious HTML page...
CVE-2020-26198
Dell EMC iDRAC9 is affected by a reflected cross-site scripting (XSS) vulnerability in the web UI for versions prior to 4.32.10.00 and 4.40.00.00. A remote attacker could lure a victim to a crafted link to execute malicious HTML/JavaScript in the browser. Public references indicate the vulnerabil...
CVE-2020-26198
Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to...
Arbitrary Code Execution
chromium is vulnerable to arbitrary code execution. Insufficient checks of pointer validity in WebRTC allows a remote attacker to exploit a heap corruption and execute arbitrary code on the host OS via a malicious HTML page...
squid: Improper input validation in request allows for proxy manipulation
A flaw was found in squid. The absolute URL of a request can include the decoded UserInfo username and password for certain protocols. This decoded info may contain special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a...
CVE-2020-15930
An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag...