Lucene search
K

145 matches found

NVD
NVD
added 2018/11/03 4:29 p.m.21 views

CVE-2018-18909

xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view...

6.1CVSS6.1AI score0.00865EPSS
Exploits1References1
Prion
Prion
added 2018/06/02 12:29 p.m.15 views

Cross site request forgery (csrf)

An issue was discovered in CmsEasy 6.120180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate...

4.3CVSS6.5AI score0.00416EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/02 12:0 p.m.19 views

CVE-2018-11680

An issue was discovered in CmsEasy 6.120180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate...

6.5AI score0.00416EPSS
Exploits0References1
NVD
NVD
added 2018/06/01 5:29 p.m.21 views

CVE-2018-3755

XSS in sexstatic element used in directory name...

6.1CVSS6.1AI score0.00922EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/06/01 5:0 p.m.24 views

CVE-2018-3755

XSS in sexstatic element used in directory name...

6.1AI score0.00922EPSS
Exploits1References1
NVD
NVD
added 2017/12/27 5:8 p.m.25 views

CVE-2017-17859

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML...

6.1CVSS6.4AI score0.00942EPSS
Exploits2References1
Prion
Prion
added 2017/12/27 5:8 p.m.19 views

Design/Logic Flaw

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML...

4.3CVSS6.3AI score0.00942EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2017/10/19 9:29 p.m.12 views

Design/Logic Flaw

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element...

4.3CVSS7AI score0.01446EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2017/09/26 6:29 a.m.20 views

CVE-2017-14744

UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element...

6.1CVSS6.1AI score0.00635EPSS
Exploits0References2
Prion
Prion
added 2017/07/12 8:29 p.m.14 views

Cross site scripting

Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can...

4.3CVSS5.9AI score0.00898EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2016/11/02 5:18 p.m.23 views

CVE-2016-5283

Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized...

8.8CVSS8.6AI score0.01489EPSS
Exploits0References2
Cvelist
Cvelist
added 2016/08/05 1:0 a.m.28 views

CVE-2016-5262

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting XSS...

6.9AI score0.01464EPSS
Exploits0References11
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.5 views

The vulnerability of the Firefox browser, which allows a malicious actor to bypass domain restriction rules

The Mozilla Firefox browser contains a vulnerability related to errors in the implementation of class functions. Exploiting this vulnerability allows malicious actors to circumvent Domain Restrictions Policy SOP rules and gain access to confidential information through the use of IFrame elements...

6.8CVSS7AI score0.02467EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2016/03/13 6:59 p.m.8 views

CVE-2016-1955

Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy CSP violation report that contains path information associated with an IFRAME element...

4.3CVSS6.3AI score
Exploits0References12
Cvelist
Cvelist
added 2016/03/13 6:0 p.m.21 views

CVE-2016-1955

Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy CSP violation report that contains path information associated with an IFRAME element...

6.5AI score0.02035EPSS
Exploits0References12
UbuntuCve
UbuntuCve
added 2016/03/08 12:0 a.m.19 views

CVE-2016-1955

Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy CSP violation report that contains path information associated with an IFRAME element...

4.3CVSS6.8AI score0.02035EPSS
Exploits0References3
Check Point Advisories
Check Point Advisories
added 2016/01/14 12:0 a.m.7 views

Google Android Market URI Denial of Service (CVE-2012-6301)

A Denial of Service vulnerability has been reported in Google Android. The vulnerability is due to an insufficient validation of URI in the SRC attribute of an IFRAME element. A remote attacker can exploit this issue by enticing a victim to open a specially crafted web page...

5CVSS4.5AI score0.06448EPSS
Exploits3
OSV
OSV
added 2015/07/22 12:0 a.m.4 views

UBUNTU-CVE-2015-1284

The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service invalid count value and use-after-free or possibly...

7.5CVSS7.4AI score0.02171EPSS
Exploits0References4
Prion
Prion
added 2015/05/14 10:59 a.m.13 views

Design/Logic Flaw

The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data...

4.3CVSS6.5AI score0.02099EPSS
Exploits0References7Affected Software2
Cvelist
Cvelist
added 2015/04/19 10:0 a.m.19 views

CVE-2015-1235

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element...

5.6AI score0.01648EPSS
Exploits0References10
Rows per page
Query Builder