14 matches found
EUVD-2017-11691
Malware in sbrugna...
EUVD-2017-11628
Malware in sbrugna...
CVE-2012-4904
Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS UXSS" attacks against the current tab...
CVE-2017-7089
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via a crafted web site that is mishandl...
CVE-2017-2528
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via a crafted web site that improperly interacts with cached frames...
CVE-2017-2508
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via a crafted web site that improperly interacts with container nodes...
CVE-2017-2510
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via a crafted web site that improperly interacts with pageshow events...
CVE-2017-2510
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via a crafted web site that improperly interacts with pageshow events...
CVE-2016-2817
The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS UXSS attacks via a craft...
Session fixation
The GenerateFunction function in bindings/scripts/codegeneratorv8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS UXSS attacks via...
CVE-2009-1414
Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors...
Cross site scripting
Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors...
CVE-2009-1414
CVE-2009-1414 pertains to Google Chrome 2.0.x, where modifications to the global object can persist across a page transition. The connected sources describe this as enabling universal XSS attacks via unspecified vectors, with the base CVSS v2 score listed as 4.3 (Medium) and an attacker that does...
CVE-2009-1414
Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors...