CyberSec.Space Logo
Back to CVE Browser

CVE-2018-16983

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1470%
EPSS Percentile8.98th
PublishedSep 13, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value.

Affected Platforms (CPE)

πŸ“¦
Noscript

Noscript

< 5.1.8.7
πŸ“¦
Torproject

Tor Browser

>= 7.0.0 and <= 7.0.11

References & Advisories

πŸ”— https://noscript.net/getit#classic
πŸ”— https://twitter.com/Zerodium/status/1039127214602641409
πŸ”— https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/
πŸ”— https://noscript.net/getit#classic
πŸ”— https://twitter.com/Zerodium/status/1039127214602641409
πŸ”— https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/

Related Vulnerabilities

CVE-2004-139010.0

Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allow remote attackers to execute arbitrary code via a long ...

CVE-2020-40547.3

In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. ...

CVE-2019-129706.1

XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type ele...

CVE-2020-68026.1

In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitel...