17 matches found
Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block
Summary: The @partial-block special variable is stored in the template data context and is reachable and mutable from within a template via helpers that accept arbitrary objects. When a helper overwrites @partial-block with a crafted Handlebars AST, a subsequent invocation of @partial-block compil...
SUSE CVE-2005-0961
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title...
SUSE CVE-2014-1748
The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame...
WebKit - 'enqueuePageshowEvent' / 'enqueuePopstateEvent' Universal Cross-Site Scripting
view-frame.page; frame.tree.appendChildchildFrame-view-frame; childFrame-open; enqueuePageshowEventPageshowEventPersisted; HistoryItem historyItem = frame.loader.history.currentItem; if historyItem && historyItem-stateObject mdocument-enqueuePopstateEventhistoryItem-stateObject;...
webkit -- UI spoof
webkit reports: The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame...
CVE-2014-1748
The vulnerability CVE-2014-1748 affects Blink in Google Chrome prior to 35.0.1916.114. It targets ScrollView::paint in platform/scroll/ScrollView.cpp, allowing a remote attacker to spoof the UI by extending scrollbar painting into the parent frame. Impact: UI spoofing could mislead users. Affecte...
CVE-2014-1748
Removed by vendor...
CVE-2005-0961
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title...
CVE-2005-0961
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title...
[SA15074] Turba Parent Frame Page Title Cross-Site Scripting Vulnerability
TITLE: Turba Parent Frame Page Title Cross-Site Scripting...
Horde Imp < 3.2.8 Parent Frame Page Title XSS
Binary data 2856.prm...
Horde Vacation < 2.2.2 Parent Frame Page Title XSS
Binary data 2850.prm...
Horde Chora < 1.2.3 Parent Frame Page Title XSS
Binary data 2853.prm...
Horde Accounts < 2.1.2 Parent Frame Page Title XSS
Binary data 2854.prm...
Horde Nag < 1.1.3 Parent Frame Page Title XSS
Binary data 2852.prm...
Horde Forwards < 2.2.2 Parent Frame Page Title XSS
Binary data 2855.prm...
CVE-2005-0961
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title...