80 matches found
Ruby on Rails: ActiveStorage service's signed URLs can be hijacked via AppCache+Cookie stuffing trick when using GCS or DiskService
ActiveStorage tries to force content-disposition: attachment for a list of content-types, including text/html. However, response-content-type and response-content-disposition in GCS and DiskService's URLs aren't signed, which means an attacker can modify them at will. This is not the case for Azu...
ruby-grape Gem has XSS via "format" parameter
When request on API contains the "format" parameter in GET, the input value of this parameter is rendered as the web-server responds with text/html header. Example: http://example.com/api/endpoint?format=%3Cscript%3Ealertdocument.cookie%3C/script%3E...
dcrawl - Simple, But Smart, Multi-Threaded Web Crawler For Randomly Gathering Huge Lists Of Unique Domain Names
dcrawl is a simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. How it works? dcrawl takes one site URL as input and detects all links in the site's body. Each found link is put into the queue. Successively, each queued link is crawled in the sa...
Mozilla: Origin confusion when reloading isolated data:text/html URL (MFSA 2017-12)
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting XSS attack. This vulnerability affects Thunderbi...
Mozilla: Origin confusion when reloading isolated data:text/html URL (MFSA 2017-12)
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting XSS attack. This vulnerability affects Thunderbi...
CVE-2016-5737
The Gerrit configuration in the Openstack Puppet module for Gerrit aka puppet-gerrit improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting XSS attacks via a crafted review...
DEBIAN-CVE-2016-5303
Cross-site scripting XSS vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form 1 action or 2 xlink attribute...
UBUNTU-CVE-2016-5303
Cross-site scripting XSS vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form 1 action or 2 xlink attribute...
devel/ipython -- remote execution
Kyle Kelley reports: Summary: JSON error responses from the IPython notebook REST API contained URL parameters and were incorrectly reported as text/html instead of application/json. The error messages included some of these URL params, resulting in a cross site scripting attack. This affects use...
jcsmsy.jconline.cn XSS vulnerability
Open Bug Bounty ID: OBB-56765 Description| Value ---|--- Affected Website:| jcsmsy.jconline.cn Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...
Cloudflare: Content spoofing /CSRF at https://www.cloudflare.com/ajax/modal-dialog.html
Hi there, I noticed two things on the following url: https://www.cloudflare.com/ajax/modal-dialog.html 1. CSRF There are some csrf countermeasures in place e.g. X-Requested-With: XMLHttpRequest, however they're not validated on the server. This leads to an uncritical csrf: 2. Content spoofing Usi...
Reflected xss in the jira-gadgets-plugin getLabelGroups rest resource
The jira-gadgets-plugin LabelsResource class exposes a getLabelGroups rest resource that is vulnerable to reflected xss through the user supplied 'project' path parameter. The vulnerability is caused by building an error response message with a content type of text/html and not html encoding the...
DOMParser loads linked resources in extensions when parsing text/html — Mozilla
Security researcher vsemozhetbyt reported that when the DOMParser is used to parse text/html data in a Firefox extension, linked resources within this HTML data will be loaded. If the data being parsed in the extension is untrusted, it could lead to information leakage and can potentially be...
CVE-2012-2364
Cross-site scripting XSS vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a...
Citrix Web Interface源码信息泄露漏洞
BUGTRAQ ID: 38838 Citrix Web Interface是Citrix Presentation Server上使用的免费附件组件,允许用户使用浏览器连接到应用。 Citrix Web Interface的ClientScripts文件夹中的JavaScript文件包含有ASP.NET代码,Citrix ASPX文件会引用这些文件用于解析JS文件中的ASP.NET内容,解析后所生成的JavaScript内容在浏览器中ASPX页面显示。...
PT-2009-5350 · Mozilla · Firefox +1
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 3.0.13 and earlier Mozilla Firefox version 3.5 Mozilla Firefox version 3.6 a1 pre Mozilla Firefox version 3.7 a1 pre SeaMonkey version 1.1.17 Mozilla versions 1.7.x and earlier Description: The issue allows remote...
CVE-2005-3895
Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary w...
Debian DSA-163-1 : mhonarc - XSS
Jason Molenda and Hiromitsu Takagi foundways to exploit cross site scripting bugs in mhonarc, a mail to HTML converter. When processing maliciously crafted mails of type text/html mhonarc does not deactivate all scripting parts properly. This is fixed in upstream version 2.5.3. If you are worried...
Esafe Protect Gateway (CVP) does not scan virus under some conditions
Hi, After notification of the manufacturer here is the full report on a problem noted with Esafe Protect Gateway. SUMMARY ------- The Esafe Protect Gateway ESPG does not scan some files in combination with FireWall-1 and CVP. DETAILS ------- If you want the Esafe Protect Gateway to scan all conte...
Уязвимость в ESAFE
при получении документа из Internet если его MIME-тип соответствует text/html он не проверяется...