497 matches found
CVE-2026-42558
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...
EUVD-2026-36170
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...
CVE-2026-42558 Xibo Vulnerable to Stored XSS and Iframe Sandbox Escape via Data Connector Script in DataSet
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...
CVE-2026-42558
CVE-2026-42558 affects Xibo CMS (prior to 4.4.2). A vulnerability chain combining Stored XSS and an Iframe sandbox escape via the Data Connector Script in DataSet can be exploited by an authorized user who has DataSet permissions and the ability to add DataSets to layouts. The issue requires the ...
Xibo 跨站脚本漏洞
Xibo is a digital signage content management tool developed by Dan Garner. Versions of Xibo prior to 4.4.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored XSS attacks and an Iframe sandbox escape chain, which could allow users with DataSet permissions to use...
CVE-2026-47901 Iframe escape by plugins in Logseq
Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy CSP, this allows a malicious plugin to execute arbitrary...
Astra Linux - уязвимость в webkit2gtk
This issue has been addressed through improved enforcement of iframe sandboxing policies. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, and Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policies...
Astra Linux - уязвимость в chromium
In COOP mode in Google Chrome prior to version 98.0.4758.80, it was possible for a remote attacker to bypass the iframe sandbox through a crafted HTML page...
Astra Linux - уязвимость в webkit2gtk
This issue has been addressed through improved enforcement of iframe sandbox rules. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Astra Linux - уязвимость в firefox, thunderbird
An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could allow script execution when the allow-scripts flag is not set. This vulnerability affects Thunderbird version 91.9, Firefox ESR version 91.9, and Firefox version 100...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data through a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2026-8563
Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
Chromium: CVE-2026-8563 Insufficient policy enforcement in IFrame Sandbox
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-8563
Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-8563
Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
GHSA-4VRC-M9CH-6M3R Open WebUI has stored XSS via the HTML renedering view
Summary Through the HTML rendering view, scripts can be injected and executed. The finding resulted from a penetration test for a customer. It is suspected that the root cause of the issue lies within the core of Open WebUI, which is why it is being reported as a security issue here. Tested on Op...
Open WebUI has stored XSS via the HTML renedering view
Summary Through the HTML rendering view, scripts can be injected and executed. The finding resulted from a penetration test for a customer. It is suspected that the root cause of the issue lies within the core of Open WebUI, which is why it is being reported as a security issue here. Tested on Op...
CVE-2026-8563
Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-8563
Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...