179 matches found
CVE-2018-0326
A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting XFS attack against a user of the web UI of the affected software. The vulnerability is due to insufficient protections for HTML inline frames...
Remote code execution
A Remote click jacking vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found...
CVE-2016-8521
A Remote click jacking vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found...
CVE-2016-8521
CVE-2016-8521 concerns a remote clickjacking vulnerability in HP Diagnostics Server. The affected versions are HPE Diagnostics 9.24 IP1, 9.26, and 9.26IP1. The provided documents identify a clickjacking issue impacting HP Diagnostics but do not include concrete exploit details, root‑cause analysi...
Cross site scripting
A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames iframes...
CVE-2017-12258
CVE-2017-12258 affects Cisco Unified Communications Manager (CUCM) Web UI. The flaw stems from insufficient protections for HTML inline frames (iframes), enabling an unauthenticated, remote attacker to direct a user to a page containing a malicious iframe to perform a click-jacking/XSF-style brow...
Cisco Unified Communications Manager Cross-Frame Scripting Vulnerability
A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack. The vulnerability exists because the affected software does not provide sufficient protections for HTML inline frames iframes...
CVE-2017-7666
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery CSRF attacks, XSS attacks, click-jacking, and MIME based attacks...
Cross site request forgery (csrf)
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery CSRF attacks, XSS attacks, click-jacking, and MIME based attacks...
CVE-2017-7666
CVE-2017-7666 affects Apache OpenMeetings 1.0.0 and exposes CSRF, XSS, click‑jacking, and MIME-based attacks. The issue is addressed in OpenMeetings 3.3.0; remediation is to upgrade to at least 3.3.0. Exploitation details are not provided in the supplied documents.
Yelp: Click jacking in delete image of user in Yelp
Hello, Problem I found that https://www.yelp.com/userphotos/photoid/remove is vulnerable to click-jacking because of missing X-Frame-Options on this page which allows an attacker to send the victim the POC sent with the report to the user to remove his profile picture POC Click You've been...
openSUSE: Security Advisory for roundcubemail (openSUSE-SU-2016:3309-1)
The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : roundcubemail (openSUSE-2016-1533)
This update for roundcubemail fixes the following issues : - A maliciously crafted email could cause untrusted code to be executed cross site scripting using <area href=javascript:... boo982003, CVE-2016-5103 - Avoid HTML styles that could cause potential click jacking boo1001856 - A malicious...
Security update for roundcubemail (important)
This update for roundcubemail fixes the following issues: - A maliciously crafted email could cause untrusted code to be executed cross site scripting using <area href=javascript:... boo982003, CVE-2016-5103 - Avoid HTML styles that could cause potential click jacking boo1001856 - A maliciousl...
openSUSE Security Update : roundcubemail (openSUSE-2016-1419)
roundcubemail was updated to version 1.1.7 and fixes the following issues : - Update to 1.1.7 - A maliciously crafted FROM value could cause extra parameters to be passed to the sendmail command boo1012493 - A maliciously crafted email could cause untrusted code to be executed cross site scriptin...
openSUSE Security Update : roundcubemail (openSUSE-2016-1418)
This update for roundcubemail fixes the following issues : - A maliciously crafted email could cause untrusted code to be executed cross site scripting using <area href=javascript:... boo982003, CVE-2016-5103 - Avoid HTML styles that could cause potential click jacking boo1001856 - A malicious...