Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

208 matches found

OSV
OSVadded 2024/01/18 3:30 p.m.17 views

GHSA-5XFX-55X4-J223 Cross-Frame Scripting vulnerability has been found on Plone CMS

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting version below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element...

7.1CVSS6.7AI score0.0005EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2024/01/18 3:30 p.m.21 views

Cross-Frame Scripting vulnerability has been found on Plone CMS

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting version below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element...

7.1CVSS6.8AI score0.0005EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2024/01/18 1:15 p.m.13 views

CVE-2024-0669

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element...

7.1CVSS6.5AI score
Exploits0References1
NVD
NVDadded 2024/01/18 1:15 p.m.10 views

CVE-2024-0669

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element...

7.1CVSS6.3AI score0.0005EPSS
Exploits0References1
Prion
Prionadded 2024/01/18 1:15 p.m.15 views

Cross site scripting

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element...

6.8CVSS6.8AI score0.0005EPSS
Exploits0References1Affected Software1
Cvelist
Cvelistadded 2024/01/18 12:26 p.m.21 views

CVE-2024-0669 Cross-Frame Scripting (XFS) on Plone CMS

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting verssion below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element...

6.3CVSS6.9AI score0.0005EPSS
Exploits0References1
CVE
CVEadded 2024/01/18 12:26 p.m.51 views

CVE-2024-0669

Plone CMS (

7.1CVSS6.7AI score0.0005EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologiesadded 2024/01/18 12:0 a.m.3 views

PT-2024-15734 · Plone Cms · Plone Cms

Name of the Vulnerable Software and Affected Versions: Plone CMS versions prior to 6.0.5 Description: A Cross-Frame Scripting issue has been found in Plone CMS. This issue allows an attacker to store a malicious URL that can be opened by an administrator, potentially leading to the execution of a...

7.1CVSS6.7AI score0.0005EPSS
Exploits0References11
CNNVD
CNNVDadded 2024/01/18 12:0 a.m.3 views

Plone Security Vulnerability

Plone is an open source content management system CMS built on the Zope application server. A security vulnerability exists in Plone CMS versions prior to 6.0.5, which stems from a cross-frame scripting vulnerability that could allow an attacker to store a malicious URL opened by an administrator...

7.1CVSS6.5AI score0.0005EPSS
Exploits0References2
0day.today
0day.todayadded 2022/12/30 12:0 a.m.341 views

Hughes Satellite Router Remote File Inclusion Cross Frame Scripting Vulnerability

Hughes Satellite Router contains a cross-frame scripting via remote file inclusion vulnerability that may potentially be exploited by malicious users to compromise an affected system. This vulnerability may allow an unauthenticated malicious user to misuse frames, include JS/HTML code and steal...

7AI score
Exploits0
Packet Storm
Packet Stormadded 2022/12/29 12:0 a.m.270 views

Hughes Satellite Router Remote File Inclusion Cross Frame Scripting

Hughes Satellite Router Remote File Inclusion Cross-Frame Scripting Vendor: Hughes Network Systems, LLC Product web page: https://www.hughes.com Affected version: HX200 v8.3.1.14 HX90 v6.11.0.5 HX50L v6.10.0.18 HN9460 v8.2.0.48 HN7000S v6.9.0.37 Summary: The HX200 is a high-performance satellite...

0.2AI score
Exploits0
Zero Science Lab
Zero Science Labadded 2022/12/28 12:0 a.m.367 views

Hughes Satellite Router Remote File Inclusion Cross-Frame Scripting

Summary The HX200 is a high-performance satellite router designed to provide carrier-grade IP services using dynamically assigned high-bandwidth satellite IP connectivity. The HX200 satellite router provides flexible Quality of Service QoS features that can be tailored to the network applications...

6.1CVSS6.4AI score0.01265EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletinsadded 2022/09/26 4:23 a.m.14 views

Security Bulletin: IBM Storwize V7000 Unified fix available for Cross Frame Scripting vulnerability via Graphical User Interface (CVE-2013-5376)

Abstract An issue in IBM Storwize V7000 Unified allows remote attackers to access the system as an authorized administrative user Content VULNERABILITY DETAILS: CVE ID: CVE-2013-5376 DESCRIPTION: An error in the IBM Storwize V7000 Unified Graphical User Interface results in a Cross Frame Scriptin...

4.3CVSS5.8AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2022/09/26 4:23 a.m.15 views

Security Bulletin: IBM SONAS fix available for Cross Frame Scripting vulnerability via Graphical User Interface (CVE-2013-5376)

Abstract An issue in IBM SONAS allows remote attackers to access the system as an authorized administrative user. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-5376 DESCRIPTION: An error in the IBM SONAS Graphical User Interface results in a Cross Frame Scripting vulnerability which can be used...

4.3CVSS5.8AI score0.00236EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletinsadded 2022/09/25 11:13 p.m.81 views

Security Bulletin: Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.0.1

Abstract Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 8.5.0.1 Content VULNERABILITY DETAILS: CVE ID:CVE-2012-3304 PM54356 DESCRIPTION: WebSphere Application Server could allow a remote attacker to hijack a valid user’s session, caused by an...

7.5CVSS8.5AI score0.0474EPSS
Exploits5Affected Software3
IBM Security Bulletins
IBM Security Bulletinsadded 2022/09/25 10:31 p.m.40 views

Security Bulletin: Security Vulnerabilities fixed in IBM WebSphere Application Server 7.0.0.25

Abstract Cross reference list for security vulnerabilities fixed in IBM WebSphere Application Server Fix Pack 7.0.0.25 Content VULNERABILITY DETAILS: CVE ID:CVE-2012-3304 PM54356 DESCRIPTION: WebSphere Application Server could allow a remote attacker to hijack a valid user’s session, caused by an...

6.8CVSS7.7AI score0.0474EPSS
Exploits3Affected Software1
Huntr
Huntradded 2021/08/23 8:10 a.m.6 views

Cross-site Scripting (XSS) - Reflected in erikdubbelboer/phpredisadmin

✍️ Description The application is vulnerable to XFS attack. 🕵️‍♂️ Proof of Concept Navigate to https://domain.tld/phpRedisAdmin/?https://www.eia.gov/state/maps The page https://www.eia.gov/state/maps.php will be loaded in an iframe on the page. 💥 Impact Cross-Frame Scripting XFS is an attack that...

0.8AI score
Exploits0References1
NVD
NVDadded 2021/05/06 1:15 p.m.8 views

CVE-2021-24246

The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscoutsendmessagechat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues...

5.4CVSS0.00162EPSS
Exploits2References2
OSV
OSVadded 2021/05/06 1:15 p.m.1 views

CVE-2021-24246

The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscoutsendmessagechat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues...

5.4CVSS5.8AI score
Exploits0References2
Prion
Prionadded 2021/05/06 1:15 p.m.11 views

Cross site scripting

The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscoutsendmessagechat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues...

3.5CVSS5.3AI score0.00162EPSS
Exploits2References2Affected Software2
Rows per page
Query Builder