60 matches found
CVE-2024-26283
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS 123...
CVE-2024-1563
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS 122...
CVE-2024-1563
CVE-2024-1563 affects Mozilla Firefox for iOS Focus prior to version 122. The issue is a timeout race condition involving opening an external URL with a custom Firefox scheme, allowing an attacker to run unauthorized scripts on the top-origin page via a JavaScript URI. Connected documents confirm...
CVE-2024-1563
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS 122...
PT-2024-21329 · Mozilla · Firefox For Ios
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 123 Description: An issue allows an attacker to execute unauthorized scripts on the current top origin sites in the URL bar when a JavaScript URI is scanned with the QR code scanner. Recommendations: For...
PT-2024-18134 · Mozilla +1 · Firefox +1
Name of the Vulnerable Software and Affected Versions: Focus for iOS versions prior to 122 Description: An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition...
Cross Site Scripting (XSS)
@serenity-is/corelib is vulnerable to Cross Site Scripting XSS. The vulnerability is caused by improper URL validation within LoginPage.tsx because it fails to ensure that URLS don't start with a forward slash /, enabling malicious email links to execute unauthorized scripts...
Security Vulnerabilities fixed in Firefox for iOS 123 — Mozilla
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. Upon scanning a JavaScri...
Security Vulnerabilities fixed in Focus for iOS 122 — Mozilla
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition...
CVE-2024-0605
The CVE-2024-0605 issue affects Mozilla Focus for iOS prior to version 122. A race condition arises when using a javascript: URI with setTimeout, enabling an attacker to run unauthorized scripts on top-origin sites via the URL bar, potentially leading to arbitrary code execution or unauthorized a...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNUGPL license. osCommerce suffers from a cross-site scripting vulnerability that stems from susceptibility to a cross-site scripting XSS vulnerability that allows an attacker to execute unauthorized scripts in a user's...
CVE-2022-34468
An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...
bst.dir.bg XSS vulnerability
Open Bug Bounty ID: OBB-171488 Description| Value ---|--- Affected Website:| bst.dir.bg Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...
fastcoexist.com XSS vulnerability
Vulnerable URL: http://www.fastcoexist.com/newsletters?--alert'XSSPOSED'...