47 matches found
CVE-2026-35508
Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters,...
EUVD-2017-17408
Malware in sbrugna...
EUVD-2004-1447
Malware in sbrugna...
EUVD-2013-2262
Malware in sbrugna...
EUVD-2004-0166
Malware in sbrugna...
EUVD-2016-6081
Malware in sbrugna...
EUVD-2022-3569
Malicious code in bioql PyPI...
CVE-2022-28869
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the browser did not show full URL, such as port number...
CVE-2021-23253
Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only see the front part e.g. www.safe.opera.com… The exac...
CVE-2020-2227
Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability...
Brave Desktop 1.77.95 Security Fixes
Updated brave://downloads to always display the download URL as reported on HackerOne by cj27. - Prevent extensions from injecting content scripts on https://account.brave.com as reported on HackerOne by newfunction. Upgraded Chromium to 135.0.7049.52 — refer to Google Chrome advisories for...
RHEL 8 : thunderbird (RHSA-2024:0961)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0961 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fixes: Mozilla:...
SUSE CVE-2016-1707
ios/web/webstate/ui/crwwebcontroller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site...
CVE-2022-0112
Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL...
Code injection
Opera Mini for Android below 53.1 displays URL left-aligned in the address field. This allows a malicious attacker to craft a URL with a long domain name, e.g. www.safe.opera.com.attacker.com. With the URL being left-aligned, the user will only see the front part e.g. www.safe.opera.com… The exac...
CVE-2021-23253
Opera Mini for Android below 53.1 is affected by an address-bar spoofing issue: long URLs with left-aligned display can hide the real domain (example: www.safe.opera.com.attacker.com). Starting with version 53.1, long URLs are displayed with the top-level domain label aligned to the right of the ...
CVE-2020-6827
The Mozilla Foundation Security Advisory describes this flaw as: When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI...
GitLab: Double linking causes XSS (but blocked by CSP in gitlab.com)
Summary URL display on Gitlab.com is currently broken. There is a risk of XSS due to double conversion of URLs into links. However, 12.5 incorporating the fix has not yet been released and is blocked by CSP at gitlab.com. Steps to reproduce 1. Login to gitlab.com 2. Create new project 3. Create a...