Lucene search
K

5125 matches found

Snyk
Snyk
added 2025/09/03 11:44 a.m.0 views

Improper Restriction of Rendered UI Layers or Frames

Overview Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames via the iframe element. An attacker can execute unauthorized scripts in the context of a user's browser by embedding the application within a malicious frame. Note: This is only...

3.1CVSS7AI score0.00323EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.4 views

PT-2025-35714

Name of the Vulnerable Software and Affected Versions: Akinsoft LimonDesk versions s1.02.14 through s1.02.16 Description: An improper restriction of rendered UI layers or frames issue exists in Akinsoft LimonDesk, allowing for iFrame overlay and clickjacking attacks CAPEC - 103. Recommendations:...

4.3CVSS6.5AI score0.00166EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/09/03 12:0 a.m.4 views

LimonDesk 安全漏洞

LimonDesk is a real-time chat, work order ticketing, and other features from LimonDesk Turkey. A security vulnerability exists in LimonDesk s1.02.14 through versions prior to v1.ylabel17, which stems from an improperly restricted rendering UI layer or frame, which could lead to iframe overrides a...

4.3CVSS6.6AI score0.00166EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-17472

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a...

9.6CVSS8.1AI score0.01487EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2018-4319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12,...

8.1CVSS7.7AI score0.01075EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-1801

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update...

6.5CVSS7.1AI score0.01515EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-1765

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update...

6.5CVSS7.4AI score0.01408EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-28439

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media...

6.1CVSS7AI score0.00725EPSS
Exploits0References3
CNVD
CNVD
added 2025/08/26 12:0 a.m.3 views

Mozilla Firefox for Android Information Disclosure Vulnerability (CNVD-2025-19560)

Mozilla Firefox for Android is a web browser designed for Android devices by the US-based Mozilla Foundation. An information disclosure vulnerability exists in Mozilla Firefox for Android prior to version 141, which originates from a sandboxed iframe without the allow-downloads attribute that can...

9.8CVSS6AI score0.00423EPSS
Exploits0References1
CNVD
CNVD
added 2025/08/26 12:0 a.m.5 views

Mozilla Firefox for iOS Security Bypass Vulnerability (CNVD-2025-19562)

Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A security bypass vulnerability exists in Mozilla Firefox for iOS prior to version 141, which stems from a sandboxed iframe that may bypass restrictions on downloading files to the device. An...

9.8CVSS6.5AI score0.00449EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2021-30744

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and...

6.1CVSS6.3AI score0.01033EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2016-10245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...

6.1CVSS6.5AI score0.01823EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/24 12:13 a.m.4 views

CVE-2025-50733

NextChat contains a cross-site scripting XSS vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...

6.1CVSS5.8AI score0.00188EPSS
Exploits0References1
NVD
NVD
added 2025/08/22 4:15 p.m.4 views

CVE-2025-50733

NextChat contains a cross-site scripting XSS vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...

6.1CVSS0.00188EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/22 8:31 a.m.15 views

CVE-2025-49422

Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation.This issue affects Support Ticket: from n/a through = 1.9...

9.8CVSS5.9AI score0.00425EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/22 12:0 a.m.10 views

CVE-2025-50733

NextChat contains a cross-site scripting XSS vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...

0.00188EPSS
Exploits0References2
CVE
CVE
added 2025/08/22 12:0 a.m.15 views

CVE-2025-50733

NextChat has an XSS vulnerability in the HTMLPreview component (artifacts.tsx). User-influenced HTML from AI responses is rendered in an iframe with allow-scripts without proper sanitization, enabling injection of JavaScript. Impact stated includes exfiltration of sensitive data (e.g., API keys i...

6.1CVSS5.8AI score0.00188EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/22 12:0 a.m.3 views

CVE-2025-50733

NextChat contains a cross-site scripting XSS vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...

5.8AI score0.00188EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.4 views

PT-2025-34377 · Nextchat · Nextchat

Name of the Vulnerable Software and Affected Versions: NextChat affected versions not specified Description: NextChat contains a cross-site scripting XSS issue in the HTMLPreview component of artifacts.tsx. This allows attackers to execute arbitrary JavaScript code when HTML content is rendered i...

6.1CVSS6AI score0.00188EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/08/21 9:23 p.m.4 views

CVE-2025-8042

Firefox for Android allowed a sandboxed iframe without the allow-downloads attribute to start downloads. This vulnerability was fixed in Firefox 141...

9.8CVSS5.8AI score0.00423EPSS
Exploits0References1
Rows per page
Query Builder