6991 matches found
Google Chrome 'getSVGDocument' Cross-Site Scripting Vulnerability
Google Chrome is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Google Chrome 'getSVGDocument' Cross-Site Scripting Vulnerability
This host is installed with Google Chrome and is prone to Cross-Site Scripting vulnerability. OpenVAS Vulnerability Test $Id: secpodgooglechromegetsvgdocumentxssvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ Google Chrome 'getSVGDocument' Cross-Site Scripting Vulnerability Authors: Sharath S...
Cross site scripting
The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG...
CVE-2009-3264
The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG...
CVE-2009-3264
Removed by vendor...
CVE-2009-3264
The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified "access check," which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG...
CVE-2009-3264
Google Chrome before 3.0.195.21 is affected by CVE-2009-3264: getSVGDocument omits an access check, allowing remote servers to bypass Same Origin Policy and trigger cross-site scripting via unspecified vectors related to visiting an SVG-hosting page. The vulnerability is documented in multiple fe...
Google Chrome < 3.0.195.21 Multiple Vulnerabilities
The version of Google Chrome installed on the remote host is earlier than 3.0.195.21. Such versions are reportedly affected by multiple issues : - Google Chrome's inbuilt RSS/ATOM reader renders untrusted JavaScript in an RSS/ATOM feed. Provided a victim connects to a RSS/ATOM feed link controlle...
Update Scanner - Firefox Extension - Chrome Privileged Code Injection
, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Update Scanner Chrome Privileged Code Injection +-----------+ |Description| +-----------+ Security-Assessment.com discovered that Update Scanner is vulnerable to Cross Site Scriptin...
WizzRSS Firefox Extension - Privileged Code Injection
, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. WizzRSS Firefox Extension Code Injection Vulnerability Versions affected: WizzRSS Reader 3.1.0.0 WizzRSS Reader Lite 3.0.0.9b +-----------+ |Description| +-----------+ The WizzRSS...
ScribeFire Firefox Extension - Privileged Code Injection
, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. ScribeFire Firefox Extension Code Injection Vulnerability Versions affected: 3.4.2 +-----------+ |Description| +-----------+ The ScribeFire Firefox extension provides an interface f...
CoolPreviews - Firefox Extension - Chrome Privileged Code Injection
, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. CoolPreviews Chrome Privileged Code Injection +-----------+ |Description| +-----------+ Security-Assessment.com discovered that Coolpreviews stack feature is vulnerable to Cross Sit...
Feed Sidebar Firefox Extension - Privileged Code Injection
, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Feed Sidebar Firefox Extension Code Injection Vulnerability Versions affected: 3.2 +-----------+ |Description| +-----------+ The Feed Sidebar Firefox extension will generate a previ...
RHEL 4 / 5 : java-1.5.0-ibm (RHSA-2008:0210)
Updated java-1.5.0-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.5.0 Java release includes the IBM Java 2 Runti...
RHEL 4 / 5 : java-1.5.0-sun (RHSA-2008:0186)
Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment JRE contains the...
RHEL 5 : java-1.4.2-ibm (RHSA-2008:0955)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2008:0955 advisory. - Java RE allows Same Origin Policy to be Bypassed 6687932 CVE-2008-3104 - Java Web Start, arbitrary file creation 6703909 CVE-2008-3112 -...
Cross site scripting
Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via a crafted document, related to a "cross origin wrapper bypass."...
CVE-2009-2472
Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via a crafted document, related to a "cross origin wrapper bypass."...
CVE-2009-2472
Affected software: Mozilla Firefox before 3.0.12 (as per CVE-2009-2472). Issue: during object construction, Firefox did not always use XPCCrossOriginWrapper, allowing bypass of the Same Origin Policy and enabling cross-site scripting (XSS) via a crafted document. Impact: potential XSS vulnerabili...
Mozilla multiple cross origin wrapper bypasses
Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via a crafted document, related to a "cross origin wrapper bypass."...