Lucene search

9 matches found

CVE
added 2024/06/06 6:23 p.m. | 49 views

CVE-2024-3166

Summary: CVE-2024-3166 affects mintplex-labs/anything-llm, including desktop v1.2.0 to v1.4.1 and the web app. The vulnerability is an XSS in the feature that fetches and embeds external website content into workspaces, with a route to Remote Code Execution in the desktop app due to Electron sett...

9.6 CVSS | 4.8 AI score | 0.00287 EPSS
Exploits: 1 | References: 2 | Affected Software: 2
Cvelist
added 2024/06/06 6:23 p.m. | 15 views

CVE-2024-3166 Cross-Site Scripting (XSS) Vulnerability in mintplex-labs/anything-llm

A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed content from websites into workspaces, whic...

3.4 CVSS | 0.00287 EPSS
Exploits: 1 | References: 2
OSV
added 2021/12/08 10:15 p.m. | 0 views

DEBIAN-CVE-2021-43543

Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

6.1 CVSS | 6.8 AI score | 0.00461 EPSS
Exploits: 0 | References: 1
Prion
added 2020/07/14 8:15 p.m. | 11 views

Design/Logic Flaw

An issue was discovered in Verint Impact 360 15.1. At wfo/help/help_popup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this produc...

4.3 CVSS | 6.2 AI score | 0.00234 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2020/07/14 7:27 p.m. | 34 views

CVE-2019-12773

The CVE-2019-12773 issue affects Verint Impact 360 15.1, specifically the wfo/help/help_popup.jsp page where the helpURL parameter can be manipulated to embed arbitrary content inside an iframe. Root cause is improper handling of the helpURL parameter, enabling an attacker to craft a link that co...

6.1 CVSS | 6.2 AI score | 0.00234 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
FreeBSD
added 2018/07/04 12:0 a.m. | 9 views

mybb -- vulnerabilities

mybb Team reports: High risk: Image and URL MyCode Persistent XSS; Medium risk: Multipage Reflected XSS; Low risk: ACP logs XSS; Low risk: Arbitrary file deletion via ACP’s Settings; Low risk: Login CSRF; Low risk: Non-video content embedding via Video MyCode...

3.2 AI score
Exploits: 0 | References: 1
Fedora
added 2016/03/27 1:0 a.m. | 9 views

[SECURITY] Fedora 24 Update: drupal6-emfield-2.7-1.fc24

This extensible module will create fields for content types that can be used to display video, image, and audio files from various third party providers. When entering the content, the user will simply paste the URL or embed code from the third party, and the module will automatically determine...

0.7 AI score
Exploits: 0
Fedora
added 2016/03/19 9:29 p.m. | 10 views

[SECURITY] Fedora 22 Update: drupal6-emfield-2.7-1.fc22

This extensible module will create fields for content types that can be used to display video, image, and audio files from various third party providers. When entering the content, the user will simply paste the URL or embed code from the third party, and the module will automatically determine...

0.7 AI score
Exploits: 0
Drupal
added 2010/12/22 12:0 a.m. | 13 views

SA-CONTRIB-2010-112 - oEmbed - Access Bypass

The oEmbed module allows a Drupal site to embed content from oEmbed-providers as well as for a site to become an oEmbed-provider itself so that other oEmbed-enabled websites can embed its content. If an external site requested to embed a node, the oEmbed provider did not check node access,...

6.9 AI score
Exploits: 0 | References: 8