Fedora 42 : pandoc (2025-07fdd73bf0)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-07fdd73bf0 advisory. update MANUAL to cover threat related to user HTML iframe. Tenable has extracted the preceding description block directly from the Fedora security advisory...
Linux Distros Unpatched Vulnerability : CVE-2022-22759
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event...
Linux Distros Unpatched Vulnerability : CVE-2022-22743
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode...
Linux Distros Unpatched Vulnerability : CVE-2022-25276
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain...
MAL-2025-14465 Malicious code in ams-iframe-injector (npm)
The package ams-iframe-injector was found to contain malicious code.
Malicious code in @hopper-b2b/uber-iframe (npm)
The package @hopper-b2b/uber-iframe was found to contain malicious code.
Malicious code in ams-iframe-injector (npm)
The package ams-iframe-injector was found to contain malicious code.
MAL-2025-8070 Malicious code in @hopper-b2b/uber-iframe (npm)
The package @hopper-b2b/uber-iframe was found to contain malicious code.
Linux Distros Unpatched Vulnerability : CVE-2024-5691
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - By tricking the browser with an X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to...
Linux Distros Unpatched Vulnerability : CVE-2023-28164
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2017-7791
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofin...
Linux Distros Unpatched Vulnerability : CVE-2023-23601
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab, which could lead to website spoofing attacks. This vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2023-25728
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a...
Linux Distros Unpatched Vulnerability : CVE-2024-6608
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This...
Linux Distros Unpatched Vulnerability : CVE-2024-10460
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The origin of an external protocol handler prompt could have been obscured using a data: URL within an iframe. This vulnerability affects Firefox 132, Firefox E...
Linux Distros Unpatched Vulnerability : CVE-2017-7788
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an iframe has a sandbox attribute and its content is specified using srcdoc, that content does not inherit the containing page's Content Security Policy CS...
Linux Distros Unpatched Vulnerability : CVE-2024-0747
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...
Linux Distros Unpatched Vulnerability : CVE-2021-4140
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR 91.5, Firefox 96, and...
CVE-2025-54527
In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions...