The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird involve information representation errors in the user interface, allowing attackers to obtain user permissions.

The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to information representation errors in the user interface. Exploiting these vulnerabilities can allow a remote attacker to obtain user permissions...

The vulnerability of the Mozilla Firefox browser, related to errors in the user interface’s information representation, allows attackers to carry out clickjacking attacks.

The vulnerability of the Mozilla Firefox browser is related to errors in information representation by the user interface. Exploiting this vulnerability can allow a remote attacker to carry out a clickjacking attack...

Microsoft Edge (Chromium-based) Spoofing Vulnerability (CNVD-2024-17971)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge Chromium-based suffers from a spoofing vulnerability that can be exploited by attackers to override and spoof elements of the user interface...

@oneuptime/common-server (>=7.0.141 <=7.0.1814), @oneuptime/common-ui (>=7.0.141 <=7.0.1814) +1 more potentially affected by CVE-2024-29194 via @oneuptime/model (>=7.0.141 <=7.0.1814)

@oneuptime/model NPM version =7.0.141, =7.0.141, =7.0.141, =7.0.141, =7.0.1769 Source cves: CVE-2024-29194 Source advisory: OSV:GHSA-246P-XMG8-WMCQ...

IBM Security Verify Directory 跨站脚本漏洞

IBM Security Verify Directory is part of an authentication and access management solution from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Security Verify Directory version 10.0.0, which originates from a vulnerability that allows a user to embed...

LoadMaster 安全漏洞

Kemp LoadMaster is a highly secure application from Kemp. A security vulnerability exists in LoadMaster that originates from an operating system command injection that allows an attacker to inject commands into a UI component using shell commands...

KLA65278 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Out of bounds read vulnerability in...

Microsoft Edge 安全漏洞

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge Chromium-based suffers from a spoofing vulnerability that can be exploited by attackers to override and spoof elements of the user interface...

DEBIAN-CVE-2024-2628

Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. Chromium security severity: Medium...

SUSE CVE-2024-2628

Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. Chromium security severity: Medium...

IBM Sterling Secure Proxy Cross-Site Scripting Vulnerability (CNVD-2024-15367)

IBM Sterling Secure Proxy is an application proxy from International Business Machines IBM that is used to ensure the secure transfer of files in an organization's unprotected zone DMZ. A cross-site scripting vulnerability exists in IBM Sterling Secure Proxy versions 6.0.3 and 6.1.0. An attacker...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from an incorrect security UI in iOS. An attacker can exploit this vulnerability to bypass security restrictions...

KLA65224 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, spoof user interface, gain privileges, bypass security restrictions. Below is a complete list of...

PT-2024-2642 · Google +3 · Google Chrome +3

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 123.0.6312.58 Description: The issue is related to incorrect security UI in Google Chrome, allowing a remote attacker to perform UI spoofing via a crafted HTML page. This can be achieved by exploiting the...

The vulnerability of the Azure SDK software development kit, related to errors in user interface representation, allows attackers to perform spoofing attacks.

The vulnerability of the Azure SDK software development kit is related to errors in information representation by the user interface. Exploiting this vulnerability allows a remote attacker to perform spoofing attacks...

Cisco IP Phones 8800 Series Arbitrary Script Injection (CVE-2018-0461)

A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data...

Cisco IP Phones 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting (CVE-2019-16008)

A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface of an affected system. The vulnerability is due to...

CVE-2023-46182

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 269692...

IBM Sterling Secure Proxy 跨站脚本漏洞

IBM Sterling Secure Proxy is an application proxy from International Business Machines IBM that is used to ensure the secure transfer of files in an organization's unprotected zone DMZ. A cross-site scripting vulnerability exists in IBM Sterling Secure Proxy versions 6.0.3 and 6.1.0. An attacker...

PYSEC-2024-46

Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access.Users of Apache Airflow are recommended to upgrade to versio...