CVE-2020-14456
Mattermost Desktop App
Cross-Site Request Forgery (CSRF)
@rails/ujs is vulnerable to cross-site request forgery (CSRF). The same-origin header in XMLHttpRequest requests is not validated before including the CSRF token, potentially allowing remote attackers to submit requests on behalf of the user...
KLA11787 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, bypass security restrictions, obtain sensitive information, and spoof the user interface. Below is a complete list of vulnerabilitie...
Same-Origin Request Forgery to Backend User Interface
It has been discovered that the backend user interface and install tool are vulnerable to same-origin request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server - scripts are then executed with the privilege...
Improper Access Control
github.com/gorilla/handlers is vulnerable to improper access control. The vulnerability exists because it does not perform sufficient origin header access checks due to the misconfiguration of CORS, allowing an attacker to send malicious AJAX requests or HTML Document through it bypassing the sam...
Bundeswehr Karriere - Cross Site Scripting Vulnerability
Document Title: Bundeswehr Karriere - Cross Site Scripting Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2214 Video: https://www.vulnerability-lab.com/getcontent.php?id=2197 Release Date: 2020-04-18...
Information Disclosure
firefox is vulnerable to information disclosure. The vulnerability exists as the same-origin policy in Firefox treated http://example.com and http://example.com as interchangeable. A malicious script could possibly use this flaw to gain access to sensitive information such as a client's IP and us...
Remote Code Execution (RCE)
IcedTea-Web is vulnerable to denial of service (DoS). A flaw was found in the same-origin policy implementation in the IcedTea-Web browser plug-in. A malicious Java applet could use this flaw to open network connections to hosts other than the originating host, violating the same-origin policy...
Same-Origin Policy Bypass
firefox is vulnerable to Same-Origin policy bypass. A flaw was found in the way Firefox handled frame objects with certain names. An attacker could use this flaw to cause a plug-in to grant its content access to another site or the local file system, violating the same-origin policy...
Same-Origin Policy Bypass
thunderbird/firefox is vulnerable to Same-Origin Policy bypass. It was found that Thunderbird could treat two separate cookies for web content as interchangeable if both were for the same domain name but one of those domain names had a trailing "." character. This violates the same-origin policy...
Same Origin Policy Bypass
WebKitGTK+ is vulnerable to same origin policy bypass. It was found that WebKit did not correctly restrict read access to images created from the "canvas" element. Malicious web content could allow a remote attacker to bypass the same-origin policy and potentially access sensitive image data...
Same-Origin Policy Bypass
firefox is vulnerable to same-origin policy bypass. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim had loaded with Firefox...
Information Disclosure
thunderbird is vulnerable to information disclosure. A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird has loaded...
Authorization Bypass
firefox is vulnerable to authorization bypass. The vulnerability exists as an attacker could use these flaws to create a malicious web page that could bypass the same-origin policy, or possibly run untrusted JavaScript...
Authorization Bypass
firefox is vulnerable to authorization bypass. The vulnerability exists as two flaws were found in the way certain content was processed. An attacker could use these flaws to create a malicious web page that could bypass the same-origin policy, or possibly run untrusted JavaScript...
Information Disclosure
seamonkey is vulnerable to information disclosure. The vulnerability exists as a flaw was found in the way SeaMonkey handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy...
Same-Origin Policy Bypass
thunderbird is vulnerable to same-origin policy bypass. Several flaws were found in the way malformed content was processed. An HTML mail message containing specially-crafted content could potentially trick a Thunderbird user into surrendering sensitive information...
Same-Origin Policy Bypass
seamonkey is vulnerable to same-origin policy bypass. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey...
Same-Origin Policy Bypass
seamonkey is vulnerable to same-origin policy bypass. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey...
Same-Origin Policy Bypass
seamonkey is vulnerable to same-origin policy bypass. Several flaws were found in the way malformed content was processed. A website containing specially-crafted content could potentially trick a SeaMonkey user into surrendering sensitive information...