7 matches found
Mail.ru: Self XSS via help.mail.ru interface
Self-XSS in sandbox domain via support chat interface on help.mail.ru with no security impact identified...
Mail.ru: Stored XSS in api.icq.net
Crossite scripting in api.icq.net domain. icq.net is considered as a sandbox domain, it does not use HTTP authentication or cookies, but XSS could be used to facilitate phishing attack...
Mail.ru: XSS с помощью специально сформированного файла.
XSS on sandbox domain via e-mail attachment...
Slack: Executing scripts on slack-files.com using SVG
Impact Although slack-files.com is a sandbox domain, there are many ways to gain the victim's trust during phishing attack. For example, an attacker might render a fake log-in form with "You need to sign in to see this file" message and trick users into handing out their passwords. Steps to...
Mail.ru: XSS at af.attachmail.ru
XSS via attached SVG on sandbox domain af.attachmail.ru. xss via .svg file, working into UC BROWSER MINI only. Video poc: https://www.youtube.com/watch?v=E5akSwOXaKs&feature=youtu.be...
CVE-2014-6392
Cross-site scripting XSS vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. NOTE: the vendor disputes th...
Cross site scripting
Cross-site scripting XSS vulnerability in the Facebook app 14.0 and the Facebook Messenger app 10.0 for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted filename extension that is improperly handled during MIME sniffing of chat traffic. NOTE: the vendor disputes th...