208 matches found
WorkScout Core < 1.3.4 - Authenticated Stored XSS & XFS
The plugin, used by the WorkScout Theme, did not sanitise the chat messages sent via the workscoutsendmessagechat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues. PoC Payloads: " POST /wp-admin/admin-ajax.php HTTP/1.1 Content-Type:...
WordPress WorkScout premium theme <= 2.0.31 - Cross-Frame Scripting (XFS) vulnerability
Cross-Frame Scripting (XFS) vulnerability discovered by m0ze Patchstack Red Team in WordPress WorkScout premium theme versions <= 2.0.31. Solution: Update the WordPress WorkScout premium theme to the latest available version (at least 2.0.32)...
WordPress BA Book Everything plugin <= 1.3.24 - Unauthenticated Reflected Cross-Site Scripting (XSS) and Cross-Frame Scripting (XFS) vulnerabilities
Unauthenticated Reflected Cross-Site Scripting (XSS) and Cross-Frame Scripting (XFS) vulnerabilities found by Ex.Mi in WordPress BA Book Everything plugin versions <= 1.3.24. Solution: Update the WordPress BA Book Everything plugin to the latest available version (at least 1.3.25)...
WordPress Love Travel premium theme <= 3.8 - Unauthenticated Reflected Cross-Site Scripting (XSS) and Cross-Frame Scripting (XFS) vulnerabilities
Unauthenticated Reflected Cross-Site Scripting (XSS) and Cross-Frame Scripting (XFS) vulnerabilities found by Ex.Mi in WordPress Love Travel premium theme versions <= 3.8. Solution: 2020-11.12 - we were unable to find information about the patched version of this theme...
WordPress SW Ajax WooCommerce Search plugin <= 1.2.6 - Unauthenticated Reflected Cross-Site Scripting (XSS) / Cross-Frame Scripting (XFS) vulnerabilities
Unauthenticated Reflected Cross-Site Scripting (XSS) / Cross-Frame Scripting (XFS) vulnerabilities found by Ex.Mi in WordPress SW Ajax WooCommerce Search plugin versions <= 1.2.6. Solution: Update the WordPress SW Ajax WooCommerce Search plugin to the latest available version (at least 1.2.8)...
Comment Press < 2.7.2 - Unauthenticated Cross-Frame Scripting
An Unauthenticated Cross-Frame Scripting vulnerability was discovered in the Comment Press plugin v2.7.0 for WordPress. ! :: PoC Burp Suite: POST /wp-comments-post.php HTTP/1.1 Host: example.com Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest...
Comment Press < 2.7.2 - Unauthenticated Cross-Frame Scripting
An Unauthenticated Cross-Frame Scripting vulnerability was discovered in the Comment Press plugin v2.7.0 for WordPress. PoC ! :: PoC Burp Suite: POST /wp-comments-post.php HTTP/1.1 Host: example.com Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest...
WordPress Comment Press premium plugin <= 2.7.0 - Unauthenticated Cross-Frame Scripting (XSS) vulnerability
Unauthenticated Cross-Frame Scripting (XSS) vulnerability found by Ex.Mi in WordPress Comment Press premium plugin versions <= 2.7.0. Solution: Update the WordPress Comment Press premium plugin to the latest available version (at least 2.7.2)...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to Cross-frame scripting
Summary A Cross-frame scripting vulnerability was addressed by IBM InfoSphere Information Server. Vulnerability Details CVEID: CVE-2020-4727 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a...
WordPress Love Travel premium theme <= 1.9 - Unauthenticated Reflected Cross-Site Scripting (XSS) and Cross-Frame Scripting (XFS) vulnerabilities
Unauthenticated Reflected Cross-Site Scripting (XSS) and Cross-Frame Scripting (XFS) vulnerabilities found by Ex.Mi in WordPress Love Travel premium theme versions <= 1.9. Solution: Update the WordPress Love Travel premium theme to the latest available version (at least 2.0)...
Security Bulletin: Cross frame scripting vulnerability in Connect:Enterprise HTTP (CVE-2013-6327)
Summary IBM Sterling Connect:Enterprise HTTP Option is vulnerable to cross frame scripting attacks. Vulnerability Details CVE ID: CVE-2013-6327 DESCRIPTION: IBM Sterling Connect:Enterprise HTTP Option could allow a cross-frame scripting attack, caused by improper validation of input within a fram...
CVE-2019-1975
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...
CVE-2019-1975
CVE-2019-1975 affects the web-based interface of Cisco HyperFlex Software. The root cause is insufficient HTML iframe protection, enabling a cross-frame scripting (XFS) attack. An unauthenticated, remote attacker could lure a user to a malicious page containing an HTML iframe, potentially resulti...
CVE-2019-1975 Cisco HyperFlex Software Cross-Frame Scripting Vulnerability
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...
Cisco HyperFlex Software Cross-Frame Scripting Vulnerability
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...
CVE-2019-16193
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature...