
5125 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 8 : firefox-102.5.0-1.el8.ML.1 (AXSA:2023-4657:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-4657:01 advisory. Mozilla: Service Workers might have learned size of cross-origin media files CVE-2022-45403 Mozilla: Fullscreen notification bypass CVE-2022-45404...

CVSS 9.8, AI score 5.8, EPSS 0.01061
Exploits: 0, References: 14

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 7 : firefox-102.9.0-3.0.1.el7.AXS7 (AXSA:2023-5237:14)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5237:14 advisory. Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9...

CVSS 8.8, AI score 8.4, EPSS 0.00713
Exploits: 0, References: 6

Tenable Nessus
added 2026/01/20 12:0 a.m., 7 views

MiracleLinux 8 : GNOME (AXSA:2022-2953:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2953:01 advisory. webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution CVE-2020-13558 LibRaw: Stack buffer overflow in...

CVSS 9.8, AI score 8.1, EPSS 0.14542
Exploits: 8, References: 30

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 8 : firefox-91.9.0-1.el8.ML.1 (AXSA:2022-3174:10)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3174:10 advisory. Mozilla: Bypassing permission prompt in nested browsing contexts CVE-2022-29909 Mozilla: iframe Sandbox bypass CVE-2022-29911 Mozilla: Fullscreen...

CVSS 9.8, AI score 8.5, EPSS 0.01005
Exploits: 3, References: 7

Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 9 : thunderbird-91.9.0-3.el9.ML.1 (AXSA:2022-3963:16)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3963:16 advisory. Mozilla: Bypassing permission prompt in nested browsing contexts CVE-2022-29909 Mozilla: iframe Sandbox bypass CVE-2022-29911 Mozilla: Fullscreen...

CVSS 9.8, AI score 7.8, EPSS 0.01005
Exploits: 3, References: 9

Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 7 : firefox-91.9.0-1.0.1.el7.AXS7 (AXSA:2022-3176:11)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3176:11 advisory. Mozilla: Bypassing permission prompt in nested browsing contexts CVE-2022-29909 Mozilla: iframe Sandbox bypass CVE-2022-29911 Mozilla: Fullscreen...

CVSS 9.8, AI score 8.5, EPSS 0.01005
Exploits: 3, References: 7

Patchstack
added 2026/01/19 8:6 a.m., 6 views

WordPress Advanced iFrame plugin <= 2025.10 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by johska in WordPress Plugin Advanced iFrame versions <= 2025.10...

CVSS 6.5, AI score 5.4, EPSS 0.00161
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2026/01/13 12:0 a.m., 5 views

MiracleLinux 9 : firefox-128.10.0-1.el9_6.ML.1 (AXSA:2025-10467:22)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10467:22 advisory. firefox: thunderbird: Privilege escalation in Firefox Updater CVE-2025-2817 firefox: thunderbird: Unsafe attribute access during XPath parsing...

CVSS 9.1, AI score 7.2, EPSS 0.00538
Exploits: 0, References: 6

RedhatCVE
added 2026/01/10 5:40 a.m., 5 views

CVE-2026-21873

NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by `ui.sub_pages` allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. This issue has been...

CVSS 7.2, AI score 7, EPSS 0.00233
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 11:54 a.m., 9 views

CVE-2018-4319

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...

CVSS 8.1, AI score 6.1, EPSS 0.01075
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 10:49 a.m., 8 views

CVE-2022-37244

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injection via the currentRequest parameter. After login leads to inject malicious tag leads to IFRAME injection...

CVSS 5.4, AI score 6.9, EPSS 0.00464
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 9:55 a.m., 10 views

CVE-2020-12696

The iframe plugin before 4.5 for WordPress does not sanitize a URL...

CVSS 6.1, AI score 7, EPSS 0.02006
Exploits: 1, References: 1

RedhatCVE
added 2026/01/09 9:25 a.m., 6 views

CVE-2023-4775

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advancediframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4, AI score 6.8, EPSS 0.00558
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:5 a.m., 6 views

CVE-2024-34805

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Webvitaly iFrame allows Stored XSS. This issue affects iFrame: from n/a through 5.0...

CVSS 6.5, AI score 6.7, EPSS 0.0026
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:4 a.m., 4 views

CVE-2024-39320

Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowediframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...

CVSS 6.1, AI score 6.8, EPSS 0.0036
Exploits: 0, References: 1

Snyk
added 2026/01/08 8:16 p.m., 4 views

Cross-site Scripting (XSS)

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the pushstate event listener, which allows manipulation of the URL fragment identifier. An attacker can execute arbitrary JavaScript i...

CVSS 7.2, AI score 5.5, EPSS 0.00233
Exploits: 1, References: 2

Github Security Blog
added 2026/01/08 8:16 p.m., 10 views

NiceGUI apps which use `ui.sub_pages` vulnerable to zero-click XSS

Summary An unsafe implementation in the pushstate event listener used by `ui.sub_pages` allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. Details The problem is traced as follows: 1. On pushstate, handleStateEvent is...

CVSS 7.2, AI score 6.5, EPSS 0.00233
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2026/01/08 8:16 p.m., 4 views

GHSA-MHPG-C27V-6MXR NiceGUI apps which use `ui.sub_pages` vulnerable to zero-click XSS

Summary An unsafe implementation in the pushstate event listener used by `ui.sub_pages` allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. Details The problem is traced as follows: 1. On pushstate, handleStateEvent is...

CVSS 7.2, AI score 6.4, EPSS 0.00233
Exploits: 1, References: 4

NVD
added 2026/01/08 10:15 a.m., 60 views

CVE-2026-21873

NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by `ui.sub_pages` allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. This issue has been...

CVSS 7.2, EPSS 0.00233
Exploits: 1, References: 2

Vulnrichment
added 2026/01/08 9:50 a.m., 2 views

CVE-2026-21873 Zero-click XSS in all NiceGUI apps which uses `ui.sub_pages`

NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by `ui.sub_pages` allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. This issue has been...

CVSS 7.2, AI score 6.6, EPSS 0.00233
Exploits: 1, References: 2