Invoice Plane Cross-Site Scripting Vulnerability (CNVD-2018-04555)

InvoicePlane is an open source financial system. The system has features to manage quotes, invoices and payments. A cross-site scripting vulnerability exists in the client email field in InvoicePlane 1.5.4 and prior versions. A remote attacker can exploit this vulnerability to execute JavaScript...

ServersCheck Monitoring Software Cross-Site Scripting Vulnerability

ServersCheck Monitoring Software is a suite of browser-based network inspection tools from ServersCheck Belgium. The tool monitors, reports, and provides early warning of problems with system performance and reliability. A cross-site scripting vulnerability exists in ServersCheck Monitoring...

The vulnerability of the Bookmarks component in Google Chrome allows a hacker to execute a JavaScript script on pages with the URL chrome://.

The vulnerability of the Bookmarks component in Google Chrome browser is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute a JavaScript script on the chrome:// page remotely, using a specially crafted tab...

FortiOS XSS vulnerabilities via User Groups & Config Revision Comments

Two XSS vulnerabilities were reported to us affecting FortiOS that can be exploited to load and run a remote malicious Javascript in a logged in browser...

Hitachi Device Manager and Replication Manager Cross-Site Scripting Vulnerability

Hitachi Device Manager and Replication Manager are both products of Hitachi, Japan.Hitachi Device Manager is software that manages multiple Hitachi storage systems from a single console and provides logical view capabilities to align storage assets with business applications. Replication Manager ...

Yandex Browser for desktop Yandex Browser Translator Cross-Site Scripting Vulnerability

Yandex Browser for desktop is a desktop browser from the Russian company Yandex.Yandex Browser Translator is one of the translation applications. A cross-site scripting vulnerability exists in Yandex Browser Translator in Yandex Browser for desktop versions 15.12 through 16.2. A remote attacker c...

IBM Financial Transaction Manager for ACH Cross-Site Scripting Vulnerability

IBM Financial Transaction Manager FTM for ACH Services is a Financial Transaction Manager product from IBM USA, which is used to monitor, track and report on financial payments and transactions. A cross-site scripting vulnerability exists in Financial Transaction Manager FTM for ACH Services...

The vulnerability of the Firefox browser, which allows a remote attacker to execute arbitrary JavaScript code

The vulnerability of Firefox lies in the improper restriction of resource: URL. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code with privileges of a Chrome browser, thereby circumventing access control policies. This can be achieved, for example, by usi...

Vulnerabilities of PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs like Adobe Reader and Adobe Reader Document Cloud, allow attackers to circumvent JavaScript restrictions.

The vulnerability of the CBBBRInvite method in PDF editing programs from Adobe Acrobat and Adobe Acrobat Document Cloud, as well as in PDF viewing programs from Adobe Reader and Adobe Reader Document Cloud, is related to deficiencies in access control for certain functions. Exploiting this...

The vulnerabilities of PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs like Adobe Reader and Adobe Reader Document Cloud, allow attackers to circumvent JavaScript restrictions.

The vulnerability of the CBSharedReviewStatusDialog method in PDF editing programs from Adobe Acrobat and Adobe Acrobat Document Cloud, as well as in PDF viewing programs from Adobe Reader and Adobe Reader Document Cloud, is related to deficiencies in access control for certain functions...

UBUNTU-CVE-2015-0816

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as...

Penske Media Corporation Cross Site Scripting

---------------------------------------------------------------------------------------------------- Title : Penske Media Corporation reflected Cross Site Scripting XSS vulnerabilities Vendor : Penske Media Corporation http://www.pmc.com/ Description : Multiple PMC web-sites are vulnerable to...

Firefox 3.5.3 3.0.14 Chrome privilege escalation with FeedWriter

Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter...

CVE-2009-1704

CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file...

JSON Hijacking of use as well as Web API security-vulnerability warning-the black bar safety net

by:cosine JSON Hijacking what role, as a black brother said, You can CSRF to give the user privacy data: a. The principle of the last presentation, first take a attack example, take the meal to do an experiment. First of all, we see this:http://help.fanfou.com/api.html. Rice no API. Wherein:...

security flaw

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an 1 img, 2 link, or 3 style tag, which...

security flaw

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing...

security flaw

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...

CVE-2002-0474

Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within IMG image tag...