uzbl: Information disclosure via world-readable cookies storage file
Max CVSS
5.5
EPSS Score
0.05%
Published
2019-11-19
Updated
2019-11-22
The default configuration of the <Button2> binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.
Max CVSS
6.8
EPSS Score
7.15%
Published
2010-08-19
Updated
2017-08-17
The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes the run method of the Uzbl object, which allows remote attackers to execute arbitrary commands via JavaScript code.
Max CVSS
7.5
EPSS Score
0.96%
Published
2010-02-25
Updated
2017-08-17
3 vulnerabilities found