
632 matches found

Cvelist
added 2019/11/05 1:10 p.m. | 17 views

CVE-2019-17221

PhantomJS through 2.1.1 has an arbitrary file read vulnerability, as demonstrated by an XMLHttpRequest for a file:// URI. The vulnerability exists in the page.open function of the webpage module, which loads a specified URL and calls a given callback. An attacker can supply a specially crafted HT...

AI score 7.3 | EPSS 0.13599
Exploits 1 | References 1
Debian CVE
added 2019/11/05 1:10 p.m. | 25 views

CVE-2019-17221

Removed by vendor...

CVSS 7.5 | AI score 7.5 | EPSS 0.13599
Exploits 1
CVE
added 2019/11/05 1:10 p.m. | 89 views

CVE-2019-17221

CVE-2019-17221 affects PhantomJS up to version 2.1.1. The vulnerability is an arbitrary file read in the webpage module’s page.open() function, exploitable via an XMLHttpRequest to a file:// URI. An attacker can provide a crafted HTML file as input, causing PhantomJS to read arbitrary files on th...

CVSS 7.5 | AI score 7.2 | EPSS 0.13599
Exploits 1 | References 1 | Affected Software 1
wpexploit
added 2019/11/05 12:0 a.m. | 28 views

Tidio Live Chat <= 4.1.0 - CSRF to Stored XSS

A CSRF vulnerability in the Tidio Live Chat WordPress Plugin var xhr = new XMLHttpRequest; xhr.open"POST", "https://wordpress.local/wp-admin/admin-ajax.php?action=tidiochatsavekeys", true; xhr.setRequestHeader"Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8";...

AI score 1.5
Exploits 0 | References 2
NVD
added 2019/09/20 8:15 p.m. | 11 views

CVE-2019-15138

The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...

CVSS 7.5 | AI score 7.5 | EPSS 0.00316
Exploits 1 | References 2
Prion
added 2019/09/20 8:15 p.m. | 15 views

Design/Logic Flaw

The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...

CVSS 5 | AI score 7.4 | EPSS 0.00316
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2019/09/20 7:13 p.m. | 16 views

CVE-2019-15138

The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL...

AI score 7.5 | EPSS 0.00316
Exploits 1 | References 2
Packet Storm
added 2019/08/30 12:0 a.m. | 316 views

Sentrifugo 3.2 Cross Site Scripting

Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in Sentrifugo 3.2. In most...

AI score 5.6 | EPSS 0.00188
Exploits 5
0day.today
added 2019/08/30 12:0 a.m. | 49 views

Sentrifugo 3.2 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in...

CVSS 3.5 | AI score 5.6 | EPSS 0.00188
Exploits 5
Prion
added 2019/07/23 2:15 p.m. | 14 views

Design/Logic Flaw

A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

CVSS 7.5 | AI score 9.1 | EPSS 0.00732
Exploits 0 | References 4 | Affected Software 3
Cvelist
added 2019/07/23 1:23 p.m. | 17 views

CVE-2019-11691

A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

AI score 6.2 | EPSS 0.00732
Exploits 0 | References 4
CVE
added 2019/07/23 1:23 p.m. | 315 views

CVE-2019-11691

CVE-2019-11691 is a use-after-free vulnerability in XMLHttpRequest (XHR) triggered by an event loop, causing the XHR main thread to be invoked after the object is freed. Affects Thunderbird versions < 60.7 and Firefox/Firefox ESR versions

CVSS 9.8 | AI score 6.3 | EPSS 0.00732
Exploits 0 | References 4 | Affected Software 3
Debian CVE
added 2019/07/23 1:23 p.m. | 25 views

CVE-2019-11691

A use-after-free vulnerability can occur when working with XMLHttpRequest (XHR) in an event loop, causing the XHR main thread to be called after it has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

CVSS 9.8 | AI score 10 | EPSS 0.00732
Exploits 0
Hacker One
added 2019/07/17 9:26 p.m. | 12 views

U.S. Dept Of Defense: [█████] Reflected GET XSS (/personnel.php?...&rcnum=*) with mouse action

I will combine this vulnerability with this vulnerability described in this report 648222. If you have not read this report, I recommend reading that report first, and then studying this report. I want to note that this report cannot be closed as a duplicate to the above described report. why?...

Exploits 0
NVD
added 2019/06/27 5:15 p.m. | 19 views

CVE-2019-5832

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5 | AI score 6.6 | EPSS 0.0107
Exploits 0 | References 9
Prion
added 2019/06/27 5:15 p.m. | 19 views

Design/Logic Flaw

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 4.3 | AI score 6.2 | EPSS 0.0107
Exploits 0 | References 9 | Affected Software 5
Cvelist
added 2019/06/27 4:13 p.m. | 19 views

CVE-2019-5832

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

AI score 6.4 | EPSS 0.0107
Exploits 0 | References 9
CVE
added 2019/06/27 4:13 p.m. | 304 views

CVE-2019-5832

CVE-2019-5832 affects Chromium/Chrome: an error in the Cross-Origin Resource Sharing (CORS) handling exposes cross-origin data when a crafted HTML page is loaded. Root cause: CORS-related flaw in Chromium’s policy enforcement. Impact stated as information disclosure via cross-origin leaks. Remedi...

CVSS 6.5 | AI score 6.2 | EPSS 0.0107
Exploits 0 | References 9 | Affected Software 1
Debian CVE
added 2019/06/27 4:13 p.m. | 35 views

CVE-2019-5832

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5 | AI score 7.2 | EPSS 0.0107
Exploits 0
Kaspersky
added 2019/06/19 12:0 a.m. | 40 views

KLA11736 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to bypass security restrictions, spoof user interface, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Policy enforcement in Extensions component...

CVSS 8.8 | AI score 8.3 | EPSS 0.02033
Exploits 0 | References 4