OVAL

XSS vulnerability by breaking out of title and textarea elements using innerHTML - CVE-2019-11744

ID: oval:org.secpod.oval:def:58327
Date: (C)2019-10-11   (M)2024-04-17
Class: VULNERABILITY
Family: windows




Mozilla Firefox 69, Mozilla Firefox ESR 68.1 and Mozilla Thunderbird 68.1: Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements.

Platform:
Microsoft Windows Server 2022
Microsoft Windows 11
Microsoft Windows Server 2003
Microsoft Windows 8
Microsoft Windows XP
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2012 R2
Microsoft Windows 10

Product:
Mozilla Firefox
Mozilla Firefox ESR
Mozilla Thunderbird

Reference:
CVE-2019-11744 (http://www.scaprepo.com/view.jsp?id=CVE-2019-11744)
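
An added illustration of the description above (not code from this definition, SecPod or Mozilla): it contrasts the per-element filtering gap the description warns about with uniform escaping, and adds an audit check for a literal closing tag in a string bound for .innerHTML of a <title> or <textarea>. All function names and the sample string are constructed for this example; it needs no DOM and runs under Node.js.

```javascript
// Added example; every name below is hypothetical, the sample input is constructed.
// Elements the advisory names as holding literal angle brackets as text.
const RCDATA_ELEMENTS = new Set(["title", "textarea"]);

const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape every character that can start markup or a character reference.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Weak policy: <title>/<textarea> input is passed through unescaped because
// "brackets are literal there". This is the filtering gap the advisory describes.
function weakPrepare(tagName, userInput) {
  const relaxed = RCDATA_ELEMENTS.has(tagName.toLowerCase());
  return relaxed ? String(userInput) : escapeHtml(userInput);
}

// Hardened policy: identical strict escaping regardless of the target element.
function strictPrepare(_tagName, userInput) {
  return escapeHtml(userInput);
}

// Audit check: true when a string bound for .innerHTML of a <title> or
// <textarea> still contains a literal closing tag for that element.
function hasClosingTagBreakout(tagName, html) {
  const tag = tagName.toLowerCase();
  if (!RCDATA_ELEMENTS.has(tag)) return false;
  // Tag names are case-insensitive and end at whitespace, "/" or ">".
  return new RegExp(`</${tag}(?=[\\s/>])`, "i").test(String(html));
}

// Preferred sink: assign text so the HTML parser is never involved.
function setElementText(element, userInput) {
  element.textContent = String(userInput);
  return element;
}

// Constructed sample: harmless markup after a literal closing tag.
const SAMPLE_INPUT = "note</textarea><b>bold</b>";

function demo() {
  return {
    weakFlagged: hasClosingTagBreakout("textarea", weakPrepare("textarea", SAMPLE_INPUT)),
    strictFlagged: hasClosingTagBreakout("textarea", strictPrepare("textarea", SAMPLE_INPUT)),
    strictOutput: strictPrepare("textarea", SAMPLE_INPUT),
  };
}
```

In browser code, setElementText (or a textarea's .value) is the sink to prefer; the audit check suits review or logging of values that must still pass through .innerHTML.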