Total
38469 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-5176 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | N/A |
| The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. This can allow for the theft of cookies and authorization tokens which are accessible to that context. This vulnerability affects Firefox < 60. | ||||
| CVE-2018-5175 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | N/A |
| A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60. | ||||
| CVE-2018-5172 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | N/A |
| The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes script from the clipboard into them while viewing RSS feeds or PDF files. This could allow a malicious site to socially engineer a user to copy and paste malicious script content that could then run with the context of either page but does not allow for privilege escalation. This vulnerability affects Firefox < 60. | ||||
| CVE-2018-5167 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | N/A |
| The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display "javascript:" links, which users could be tricked into clicking by malicious sites. This vulnerability affects Firefox < 60. | ||||
| CVE-2018-5164 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | N/A |
| Content Security Policy (CSP) is not applied correctly to all parts of multipart content sent with the "multipart/x-mixed-replace" MIME type. This could allow for script to run where CSP should block it, allowing for cross-site scripting (XSS) and other attacks. This vulnerability affects Firefox < 60. | ||||
| CVE-2018-5143 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-11-21 | N/A |
| URLs using "javascript:" have the protocol removed when pasted into the addressbar to protect users from cross-site scripting (XSS) attacks, but if a tab character is embedded in the "javascript:" URL the protocol is not removed and the script will execute. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Firefox < 59. | ||||
| CVE-2018-5124 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1. | ||||
| CVE-2018-5078 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | N/A |
| Online Ticket Booking has XSS via the admin/eventlist.php cast parameter. | ||||
| CVE-2018-5077 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | N/A |
| Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter. | ||||
| CVE-2018-5076 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | N/A |
| Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter. | ||||
| CVE-2018-5075 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | N/A |
| Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter. | ||||
| CVE-2018-5074 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | N/A |
| Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter. | ||||
| CVE-2018-5072 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | N/A |
| Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter. | ||||
| CVE-2018-5071 | 1 Cobham | 2 Sea Tel 116, Sea Tel 116 Firmware | 2024-11-21 | N/A |
| Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross Protocol Injection with SNMP. | ||||
| CVE-2018-5005 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A |
| Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2018-4941 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 6.1 Medium |
| Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2018-4940 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 6.1 Medium |
| Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. | ||||
| CVE-2018-4931 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A |
| Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2018-4930 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A |
| Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||
| CVE-2018-4929 | 1 Adobe | 1 Experience Manager | 2024-11-21 | N/A |
| Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | ||||