Design/Logic Flaw

The Getahead Direct Web Remoting DWR framework 1.1.4 exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...

Design/Logic Flaw

The Moo.fx framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

CVE-2007-2384

The Script.aculo.us framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using...

CVE-2007-2381

The MochiKit framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

CVE-2007-2382

The Moo.fx framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

CVE-2007-2383

The Prototype prototypejs framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...

CVE-2007-2376

The Dojo framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

CVE-2007-2383

The Prototype prototypejs framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...

CVE-2003-1305

Microsoft Internet Explorer allows remote attackers to cause a denial of service resource consumption via a Javascript src attribute that recursively loads the current web page...

CVE-2006-3538

Multiple cross-site scripting XSS vulnerabilities in demo.php in BeatificFaith Eprayer Alpha allow remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the 1 "Your name" field and 2 "Enter Prayer Request here" field...

CVE-2006-2991

Multiple cross-site scripting XSS vulnerabilities in Ringlink 3.2 allow remote attackers to inject arbitrary web script or HTML via a JavaScript URI in the SRC attribute of an IMG element, and possibly other manipulations, in the ringid parameter in 1 next.cgi, 2 stats.cgi, or 3 list.cgi...

CVE-2006-2991

CVE-2006-2991 describes multiple XSS vulnerabilities in Ringlink 3.2. The issue arises via a JavaScript URI in the SRC attribute of an IMG element (ringid parameter) in next.cgi, stats.cgi, or list.cgi. Affected component: Ringlink 3.2; vulnerability class: cross-site scripting; impact per NVD me...

CVE-2006-2975

Multiple cross-site scripting XSS vulnerabilities in pblguestbook.php in PBL Guestbook 1.31 allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of IMG tags in the 1 name, 2 email, and 3 website parameter, which bypasses XSS protection mechanisms that...

CVE-2006-2969

Cross-site scripting XSS vulnerability in L0j1k tinyMuw 0.1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box in quickchat.php, and possibly other manipulations...

Cross site scripting

Cross-site scripting XSS vulnerability in Lycos Tripod htmlGEAR guestGEAR aka Guest Gear allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element,...

CVE-2006-2808

Cross-site scripting XSS vulnerability in Lycos Tripod htmlGEAR guestGEAR aka Guest Gear allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element,...

CVE-2006-2785

Cross-site scripting XSS vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into 1 performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or 2 selecting "Show on...

Cross site scripting

Cross-site scripting XSS vulnerability in view.php in TuttoPhp 1 Morris Guestbook 1, 2 Pretty Guestbook 1, and 3 Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter...

PT-2006-3297 · Mozilla · Firefox

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox version 1.5.0.3 Description: The issue allows remote attackers to cause a denial of service via a web page with a large number of IMG elements in which the SRC attribute is a mailto URI. It was noted that the web page caused a...

Design/Logic Flaw

Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to 1 multiple SCROLLING attributes with no values, or 2 a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher, it is unclear which...