7 matches found
EUVD-2018-10991
Malware in sbrugna...
CVE-2019-2229
In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8....
Code injection
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API...
CVE-2018-19288
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API...
CVE-2018-19288
CVE-2018-19288 : Zoho ManageEngine OpManager 12.3 prior to Build 123223 is vulnerable to a Cross-Site Scripting (XSS) flaw via the updateWidget API. The underlying issue is an XSS payload that can be injected through this API, enabling arbitrary script execution in affected sessions. Documented i...
CVE-2018-19288
Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API...
WebKit HTMLObjectElement::updateWidget Universal XSS
WebKit: UXSS through HTMLObjectElement::updateWidget (CVE-2017-2493). When an object element loads a JavaScript URL (e.g., javascript:alert(1)), it checks whether it violates the Same Origin Policy or not. Here are some snippets of the logic. void HTMLObjectElement::updateWidget(CreatePlugins createPlugins...