Lucene search
K

132 matches found

CVE
CVE
added 2018/06/11 9:0 p.m.132 views

CVE-2017-5387

CVE-2017-5387 affects Mozilla Firefox (pre-51). Root cause: local-file existence can be inferred via double firing of onerror when a TRACK tag references a non-existent source loaded locally. Impact: disclosure of local file existence; no explicit exploitation details provided in the sources. Aff...

3.3CVSS5.1AI score0.00402EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2018/06/11 9:0 p.m.24 views

CVE-2017-5387

The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox 51...

3.3CVSS6.7AI score0.00402EPSS
Exploits1
0day.today
0day.today
added 2018/05/30 12:0 a.m.75 views

Dolibarr 7.0.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The...

0.1AI score0.71242EPSS
Exploits10
Hacker One
Hacker One
added 2017/10/26 12:18 p.m.33 views

IRCCloud: [IRCCloud Android] XSS in ImageViewerActivity

Hi, I'd like to report HTML/JS injection in activity com.irccloud.android.activity.ImageViewerActivity which is exported: xml so can be launched by arbitrary apps installed on the same device. On the newest Androids could be exploited also by Android Instant Apps directly from a web-browser...

7.3AI score
Exploits0
OSV
OSV
added 2017/01/25 12:0 a.m.2 views

UBUNTU-CVE-2017-5387

The existence of a specifically requested local file can be found due to the double firing of the "onerror" when the "source" attribute on a "" tag refers to a file that does not exist if the source page is loaded locally. This vulnerability affects Firefox 51...

3.3CVSS6.7AI score0.00402EPSS
Exploits1References4
Openbugbounty
Openbugbounty
added 2015/11/04 6:37 p.m.9 views

pagesjaunes.ca XSS vulnerability

Vulnerable URL: http://www.pagesjaunes.ca/locations/Alberta/landmarks-1%3Cvideo%3E%3Csource%20onerror=%22javascript:prompt%28'XSSPOSED'%29%22%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2015/07/12 8:25 a.m.11 views

ds36.ru XSS vulnerability

Vulnerable URL: http://www.ds36.ru/firms/?text=%3Cimg%20src=x%20onerror=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1783484 Google Pagerank| 1 VIP...

6.3AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

Microsoft Internet Explorer 5 JavaScript Local File Enumeration Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/3779/info Microsoft Internet Explorer is prone to a vulnerability which may disclose sensitive information to a malicious webmaster. When script code includes a file outside of the document it is embedded in and the file...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/01/27 12:0 a.m.17 views

discuz x3.0 20130801版本发表日志可xss

简要描述: 论坛开启日志功能的情况下,发表日志,在引入网络图片时可以实现xss。 详细说明: 一、详细说明: 1、论坛开启日志功能。 2、用户登录后打开日志功能。 3、发表日志,在引入网络图片时可以实现xss。 在ubuntu12.04LTS下搭建的apache2+php+mysql环境下,使用一切默认设置可以再现此漏洞,但我使用win2003时,之前能够再现,在没有更新配置的情况下发现今天不可再现此漏洞,onerror被替换成了点(.) 漏洞证明: 1、登录后打开日志模块。 2、发表日志,内容如下: 3、单击提交 4、提交日志后再浏览日志。...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/01/07 12:0 a.m.34 views

绕过startbbs防御继续盲打管理员(两种方法)

简要描述: startbbs已经对xss有过滤措施,但是有办法绕过。这里我依然以官方为demo作为测试,因为官方的是最新版。 详细说明: 问题出现在发帖的正文文本框:盲打的概率非常高的。 测试了常规的html代码,发现只剩下img标签,其他的都被过滤了,因此可以在img上能发挥作用的只有on系列的事件了。 测试尝试和之前那样 发布上面的代码,发现过滤成下面这样: 尝试用javascript:伪协议去触发:但是又被过滤成这样: 也就是常规的在敏感字符那加入x 来让事件等功能失效。 到了这一步,暂时没有了头绪。 过了几天之后忽然想到之前新浪邮箱的过滤方式也是如此。...

7.1AI score
Exploits0
Atlassian
Atlassian
added 2013/08/09 4:40 a.m.25 views

Reflected XSS in 'where' param of doSearchSite

Olivier Beg reported quote noformathttps://confluence.atlassian.com/dosearchsite.action?queryString=%22%3E&startIndex=0&lastModified=LASTWEEK&where=confall%22%3E%3Cimg%20src=x%20onerror=alert1%3Enoformat I asume he is DOM based because he works in google chrome. quote This results in code:html co...

1.4AI score
Exploits0
Cvelist
Cvelist
added 2013/06/17 10:0 a.m.23 views

CVE-2013-1095

Cross-site scripting XSS vulnerability in a ZCC page in njwc.jar in Novell ZENworks Configuration Management ZCM 11.2 before 11.2.3a Monthly Update 1 allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError event...

5.6AI score0.01282EPSS
Exploits0References3
CVE
CVE
added 2013/06/17 10:0 a.m.46 views

CVE-2013-1095

CVE-2013-1095 concerns a cross-site scripting (XSS) vulnerability in the ZENworks Configuration Management (ZCM) 11.2 line, specifically in a ZCC page within njwc.jar. The issue arises from improper validation of onError-event input, allowing remote attackers to inject arbitrary web script or HTM...

4.3CVSS5.8AI score0.01282EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2013/04/19 11:44 a.m.18 views

CVE-2013-1086

Cross-site scripting XSS vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute...

4.3CVSS5.7AI score0.01222EPSS
Exploits0References3
Prion
Prion
added 2013/04/19 11:44 a.m.22 views

Cross site scripting

Cross-site scripting XSS vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute...

4.3CVSS6.1AI score0.01222EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2013/04/19 10:0 a.m.53 views

CVE-2013-1086

CVE-2013-1086 is a Cross-site scripting (XSS) vulnerability in WebAccess of Novell GroupWise prior to 8.0.3 HP3, and 2012 prior to SP2. The issue permits remote attackers to inject arbitrary web script or HTML via onError attribute vectors. Connected documents confirm the affected product (Novell...

4.3CVSS5.8AI score0.01222EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2010/07/21 1:33 a.m.12 views

Mozilla Cross-origin data leakage from script filename in error messages

dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows...

5CVSS7.4AI score0.01069EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2010/07/21 1:18 a.m.8 views

Mozilla Cross-origin data leakage from script filename in error messages

dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows...

5CVSS7.4AI score0.01069EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2010/07/21 12:24 a.m.7 views

Mozilla Cross-origin data leakage from script filename in error messages

dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows...

5CVSS7.4AI score0.01069EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2008/12/17 1:31 a.m.9 views

Firefox Cross-domain data theft via script redirect error message

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which...

6CVSS7.4AI score0.0166EPSS
Exploits0References4
Rows per page
Query Builder