852 matches found

OSV
added 2024/06/04 3:15 p.m. | 5 views

CVE-2024-0756

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page...

CVSS 5.4 | AI score 5.9 | EPSS 0.00202
Exploits: 2 | References: 1
Vulnrichment
added 2024/06/04 2:28 p.m. | 18 views

CVE-2024-0756 Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Iframe Injection

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page...

AI score 6.8 | EPSS 0.00202
Exploits: 2 | References: 1
WPVulnDB
added 2024/05/14 12:0 a.m. | 23 views

Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Iframe Injection

Description: The plugin lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page. PoC: 1. Create a new post. 2. Add an e-Learning block and upload a zip file. 3. Select the "Insert As: Iframe" option. 4. Intercept the...

CVSS 5.4 | AI score 6.6 | EPSS 0.00202
Exploits: 2 | References: 1
Openbugbounty
added 2024/04/25 5:41 p.m. | 16 views

mediatheque.crans-montana.ch IFRAME Injection vulnerability OBB-3921938

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Openbugbounty
added 2024/02/27 2:20 p.m. | 13 views

schultemarineconcept.bs-shipmanagement.com IFRAME Injection vulnerability OBB-3860831

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
VulnCheck KEV
added 2024/01/22 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2021-45092

Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter...

CVSS 9.8 | AI score 7.3 | EPSS 0.39973
Exploits: 3 | References: 1
OSV
added 2024/01/16 4:15 p.m. | 4 views

CVE-2021-4227

The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section...

CVSS 5.3 | AI score 5.9 | EPSS 0.00608
Exploits: 1 | References: 1
Prion
added 2024/01/16 4:15 p.m. | 21 views

Code injection

The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section...

CVSS 5 | AI score 7.1 | EPSS 0.00608
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2024/01/16 3:52 p.m. | 6 views

CVE-2021-4227 Ark Comment Editor <= 2.15.6 - Iframe Injection via Comment

The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section...

AI score 5.4 | EPSS 0.00608
Exploits: 1 | References: 1
Cvelist
added 2024/01/16 3:52 p.m. | 32 views

CVE-2021-4227 Ark Comment Editor <= 2.15.6 - Iframe Injection via Comment

The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section...

AI score 5.7 | EPSS 0.00608
Exploits: 1 | References: 1
CNNVD
added 2024/01/16 12:0 a.m. | 6 views

WordPress plugin ark-commenteditor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.3 | AI score 7 | EPSS 0.00608
Exploits: 1 | References: 2
Openbugbounty
added 2023/12/30 1:48 a.m. | 17 views

members.infotracer.com IFRAME Injection vulnerability OBB-3826339

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Openbugbounty
added 2023/12/23 11:1 a.m. | 10 views

weborder.husqvarna.com IFRAME Injection vulnerability OBB-3820722

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Openbugbounty
added 2023/12/22 9:44 a.m. | 12 views

weborder.husqvarna.com IFRAME Injection vulnerability OBB-3819805

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Openbugbounty
added 2023/12/07 7:6 a.m. | 10 views

miamiartzine.com IFRAME Injection vulnerability OBB-3805210

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
Openbugbounty
added 2023/12/04 1:47 p.m. | 12 views

eurovoyages.net IFRAME Injection vulnerability OBB-3802516

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0
WPVulnDB
added 2023/11/24 12:0 a.m. | 28 views

Jetpack < 12.7 - Authenticated(Contributor+) Clickjacking via Iframe Injection

Description: The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Clickjacking via iframe injection due to an unknown parameter in all versions up to and including 12.6.2 due to insufficient input sanitization and output escaping. This makes it possible for...

AI score 7 | EPSS 0.00272
Exploits: 0 | References: 1 | Affected Software: 1
0day.today
added 2023/09/11 12:0 a.m. | 374 views

Wordpress Elementor 3.5.5 Plugin - Iframe Injection Vulnerability

Exploit Title: Wordpress Plugin Elementor 3.5.5 - Iframe Injection Exploit Author: Miguel Santareno Vendor Homepage: https://elementor.com/ Version: 3.5.5 Tested on: Google and Firefox latest version CVE : CVE-2022-4953 1. Description The plugin does not filter out user-controlled URLs from being...

CVSS 6.1 | AI score 6.3 | EPSS 0.02027
Exploits: 5
Exploit DB
added 2023/09/08 12:0 a.m. | 482 views

Wordpress Plugin Elementor 3.5.5 - Iframe Injection

Exploit Title: Wordpress Plugin Elementor 3.5.5 - Iframe Injection Date: 28.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://elementor.com/ Version: 3.5.5 Tested on: Google and Firefox latest version CVE : CVE-2022-4953 1. Description The plugin does not filter out user-controlle...

CVSS 6.1 | AI score 6.5 | EPSS 0.02027
Exploits: 5
OpenVAS
added 2023/08/15 12:0 a.m. | 29 views

WordPress Elementor Website Builder Plugin < 3.5.5 Iframe Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elementor:websitebuilder"; ifdescription...

CVSS 6.1 | AI score 6.9 | EPSS 0.02027
Exploits: 5 | References: 1