http-equiv vulnerabilities and exploits

(subscribe to this query)

NA

Internet Explorer 6 allows remote malicious users to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference.

Microsoft Ie 6

1 EDB exploit

5.3

CVSSv3

messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications prior to 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value.

Kde Kde Applications

NA

Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote malicious users to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expre...

Tdah T-day Webmail 3.2.0-2.3

2 EDB exploits

6.1

CVSSv3

An open redirect through HTML injection in user messages in Asp.Net Zero prior to 12.3.0 allows remote malicious users to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebSocket messages.

Aspnetzero Asp.net Zero

NA

Unspecified vulnerability in Default.aspx in Podium CMS allows remote malicious users to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross...

Podium Cms Podium Cms

5.4

CVSSv3

An open redirect through HTML injection in confidential messages in Cryptshare prior to 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv="refresh"�...

Cryptshare Cryptshare Server

NA

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote malicious users to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a...

Manageengine Servicedesk Plus 8.1

1 EDB exploit

NA

Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote malicious users to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV="refresh" t...

Aol Instant Messenger 4.7 Aol Instant Messenger 4.5 Aol Instant Messenger 4.7.2480

1 EDB exploit

NA

Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios up to and including 0.6.22 allow remote malicious users to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/views/kohana_error_page.php or (2) share/pnp/application/views/...

6.5

CVSSv3

A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries(). This is a same-origin policy violation and could allow for data theft. T...

Mozilla Thunderbird Mozilla Firefox Esr Mozilla Firefox

Get Started

1 2 3 4 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook