Lucene search
+L

111 matches found

OSV
OSV
added 2014/11/24 4:59 p.m.4 views

DEBIAN-CVE-2012-6662

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

4.3CVSS5.9AI score0.06463EPSS
Exploits0References1
NVD
NVD
added 2014/11/24 4:59 p.m.30 views

CVE-2012-6662

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

4.3CVSS6AI score0.06463EPSS
Exploits0References11
UbuntuCve
UbuntuCve
added 2014/11/24 4:59 p.m.34 views

CVE-2012-6662

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

4.3CVSS6.5AI score0.06463EPSS
Exploits0References1
Prion
Prion
added 2014/11/24 4:59 p.m.25 views

Cross site scripting

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

4.3CVSS6AI score0.06463EPSS
Exploits0References11Affected Software5
OSV
OSV
added 2014/11/24 4:59 p.m.5 views

UBUNTU-CVE-2012-6662

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

4.3CVSS6.5AI score0.06463EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2014/11/24 4:0 p.m.45 views

CVE-2012-6662

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

4.3CVSS6.1AI score0.06463EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2014/10/14 12:0 a.m.27 views

Microsoft Internet Explorer Title attribute Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8CVSS6.3AI score0.21246EPSS
Exploits0References1
NVD
NVD
added 2014/02/27 3:55 p.m.14 views

CVE-2014-0046

Cross-site scripting XSS vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers to inject arbitrary web script or HTML via the title attribute...

2.6CVSS5.7AI score0.01316EPSS
Exploits0References6
RubySec
RubySec
added 2014/02/07 12:0 a.m.21 views

Ember.js XSS Vulnerability With {{link-to}} Helper in Non-block Form

In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, a change made to the implementation of the link-to helper means that any user-supplied data bound to the link-to helper's title attribute will not be escaped...

2.6CVSS1AI score0.01316EPSS
Exploits0References1Affected Software1
Atlassian
Atlassian
added 2008/02/01 12:29 p.m.35 views

Project name that contains double-quote is not properly escaped on Issue Navigator page

If a project has a double-quote in its name, it's not xml-escaped when used in "title" attribute. For example, if we have a project named 14" monitors, the html will look like: 14" monitors This causes JIRA Client to hiccup on this page and lose a lot of functionality. On web browser, the title i...

1.6AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2006/02/17 12:0 a.m.10 views

The link tooltip and the statusbar can be misleading – Opera Security Advisories

The link tooltip and the statusbar can be misleading – Opera Security Advisories OPCOM Team | February 17, 2006 Summary Opera’s status bar shows the “title” attribute of a form inputimage, not the form’s “action” URL. This may mislead the user. Severity: Very low Problem description It is possibl...

5.8AI score
Exploits0References1
Rows per page
Query Builder