Lucene search
K

7 matches found

Hacker One
Hacker One
added 2020/02/14 6:9 a.m.20 views

Mail.ru: Self XSS via help.mail.ru interface

Self-XSS in sandbox domain via support chat interface on help.mail.ru with no security impact identified...

3.4AI score
Exploits0
Hacker One
Hacker One
added 2018/06/07 10:23 a.m.47 views

Mail.ru: Stored XSS in api.icq.net

Crossite scripting in api.icq.net domain. icq.net is considered as a sandbox domain, it does not use HTTP authentication or cookies, but XSS could be used to facilitate phishing attack...

0.4AI score
Exploits0
Hacker One
Hacker One
added 2016/04/26 10:27 p.m.14 views

Mail.ru: XSS с помощью специально сформированного файла.

XSS on sandbox domain via e-mail attachment...

1.7AI score
Exploits0
Hacker One
Hacker One
added 2015/11/19 9:31 p.m.12 views

Slack: Executing scripts on slack-files.com using SVG

Impact Although slack-files.com is a sandbox domain, there are many ways to gain the victim's trust during phishing attack. For example, an attacker might render a fake log-in form with "You need to sign in to see this file" message and trick users into handing out their passwords. Steps to...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2015/08/28 10:6 p.m.49 views

Mail.ru: XSS at af.attachmail.ru

XSS via attached SVG on sandbox domain af.attachmail.ru. xss via .svg file, working into UC BROWSER MINI only. Video poc: https://www.youtube.com/watch?v=E5akSwOXaKs&feature=youtu.be...

0.4AI score
Exploits0
NVD
NVD
added 2014/09/15 2:55 p.m.27 views

CVE-2014-6392

Cross-site scripting XSS vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. NOTE: the vendor disputes th...

4.3CVSS5.5AI score0.00942EPSS
Exploits0References1
Prion
Prion
added 2014/09/15 2:55 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. NOTE: the vendor disputes th...

4.3CVSS5.9AI score0.00942EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder