Search Results
- Results Type: Overview
- Keyword (text search): browser
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2024-21640 | Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications. `CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e. Published: January 13, 2024; 3:15:07 AM -0500 | V3.1: 9.6 CRITICAL V2.0: (not available) |
CVE-2023-51068 | An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary JavaScript on a victim's browser via a crafted link. Published: January 12, 2024; 11:15:08 PM -0500 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-51067 | An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary JavaScript on a victim's browser via a crafted link. Published: January 12, 2024; 11:15:08 PM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2024-21639 | CEF (Chromium Embedded Framework) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e. Published: January 12, 2024; 5:15:45 PM -0500 | V3.1: 9.6 CRITICAL V2.0: (not available) |
CVE-2023-49258 | User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter. Published: January 12, 2024; 10:15:09 AM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2024-22199 | This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious scripts in users' browsers when visiting affected web pages. The vulnerability has been addressed; the template engine now defaults to having autoescape set to `true`, effectively mitigating the risk of XSS attacks. Published: January 11, 2024; 1:15:45 PM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2024-0310 | A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration. Published: January 10, 2024; 6:15:10 AM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2024-22125 | Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality. Published: January 08, 2024; 9:15:46 PM -0500 | V3.1: 7.5 HIGH V2.0: (not available) |
CVE-2024-22048 | govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page. Published: January 04, 2024; 4:15:09 PM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2023-6540 | A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information. Published: January 03, 2024; 4:15:08 PM -0500 | V3.1: 7.5 HIGH V2.0: (not available) |
CVE-2023-5880 | When the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode the web server's “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client side JavaScript and/or HTML. This allows the attacker to inject malicious code with client side JavaScript and/or HTML into the users' web browser. Published: January 03, 2024; 3:15:21 PM -0500 | V3.1: 8.8 HIGH V2.0: (not available) |
CVE-2024-21911 | TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser. Published: January 03, 2024; 11:15:09 AM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2024-21910 | TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser. Published: January 03, 2024; 11:15:09 AM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2024-21908 | TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser. Published: January 03, 2024; 11:15:08 AM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2023-6094 | A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target. Published: December 31, 2023; 5:15:08 AM -0500 | V3.1: 5.3 MEDIUM V2.0: (not available) |
CVE-2023-52263 | Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc. Published: December 30, 2023; 2:15:08 PM -0500 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2023-31293 | An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) that allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed, despite the option being disabled. Published: December 28, 2023; 10:15:10 PM -0500 | V3.1: 4.3 MEDIUM V2.0: (not available) |
CVE-2023-45701 | HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. Published: December 28, 2023; 2:15:07 AM -0500 | V3.1: 6.5 MEDIUM V2.0: (not available) |
CVE-2023-49001 | An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an attacker to bypass intended access restrictions via interaction with the com.example.gurry.kvbrowswer.webview component. Published: December 27, 2023; 5:15:16 PM -0500 | V3.1: 9.8 CRITICAL V2.0: (not available) |
CVE-2023-47883 | The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity. Published: December 27, 2023; 4:15:08 PM -0500 | V3.1: 9.8 CRITICAL V2.0: (not available) |