Bo0oM

2 exploits Active since Oct 2017
CVE-2017-5124 NOMISEC MEDIUM WORKING POC
Google Chrome < 62.0.3202.62 - Universal Cross-Site Scripting via MHTML Page
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.
160 stars
CVSS 6.1
CVE-2017-7089 NOMISEC MEDIUM WORKING POC
Safari < 10.1.2 - Universal Cross-Site Scripting via Parent-Tab Processing
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that is mishandled during parent-tab processing.
63 stars
CVSS 6.1