497 matches found
Astra Linux – Vulnerability in Chromium
In COOP mode in Google Chrome prior to version 98.0.4758.80, it was possible for a remote attacker to bypass the iframe sandbox through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in the iFrameSandbox of Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass navigation restrictions through a crafted HTML page...
Astra Linux – Vulnerability in Firefox and Thunderbird
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in the iframe sandbox of Google Chrome prior to version 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions through a crafted HTML page...
Astra Linux – Vulnerability in Firefox and Thunderbird
It was possible to create specific XSLT markup that could bypass the iframe sandbox. This vulnerability affects Firefox ESR versions prior to 91.5, Firefox versions prior to 96, and Thunderbird versions prior to 91.5...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-42558
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...
CVE-2026-42558 Xibo Vulnerable to Stored XSS and Iframe Sandbox Escape via Data Connector Script in DataSet
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...
CVE-2026-42558
CVE-2026-42558 affects Xibo CMS (prior to 4.4.2). A vulnerability chain combining Stored XSS and an Iframe sandbox escape via the Data Connector Script in DataSet can be exploited by an authorized user who has DataSet permissions and the ability to add DataSets to layouts. The issue requires the ...
EUVD-2026-36170
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector...
Xibo 跨站脚本漏洞
Xibo is a digital signage content management tool developed by Dan Garner. Versions of Xibo prior to 4.4.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored XSS attacks and an Iframe sandbox escape chain, which could allow users with DataSet permissions to use...
CVE-2026-47901 Iframe escape by plugins in Logseq
Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy CSP, this allows a malicious plugin to execute arbitrary...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data through a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в firefox, thunderbird
An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could allow script execution when the allow-scripts flag is not set. This vulnerability affects Thunderbird version 91.9, Firefox ESR version 91.9, and Firefox version 100...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the iframe Sandbox in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Astra Linux - уязвимость в webkit2gtk
This issue has been addressed through improved enforcement of iframe sandbox rules. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code...
Astra Linux - уязвимость в webkit2gtk
This issue has been addressed through improved enforcement of iframe sandboxing policies. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, and Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policies...
SUSE CVE-2026-8563
Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...