Lucene search
+L

7 matches found

nvd
nvd
added 2026/05/15 10:16 p.m.37 views

CVE-2026-45303

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.5, through the HTML rendering view, scripts can be injected and executed. The frontend provides a function to visualize the HTML content of a current chat. The content is embedded in an...

7.7CVSS0.00217EPSS
Exploits1References1
nvd
nvd
added 2025/11/11 1:15 a.m.7 views

CVE-2025-42893

Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal...

6.1CVSS0.00223EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/11/11 12:17 a.m.3 views

CVE-2025-42893 Open Redirect vulnerability in SAP Business Connector

Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site displayed within an embedded frame. Successful exploitation could allow the attacker to steal...

6.1CVSS6AI score0.00223EPSS
Exploits0References2
cve
cve
added 2025/11/11 12:17 a.m.16 views

CVE-2025-42893

The CVE-2025-42893 issue is an Open Redirect in SAP Business Connector. An unauthenticated attacker can craft a URL that, when visited by a victim, redirects to an attacker-controlled site displayed in an embedded frame. This can lead to disclosure of sensitive information and unauthorized action...

6.1CVSS6.1AI score0.00223EPSS
Exploits0References2Affected Software1
prion
prion
added 2009/04/22 6:30 p.m.26 views

Code injection

Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODEFILEONLY save of the inner frame...

4.3CVSS6.5AI score0.02313EPSS
Exploits1References28Affected Software2
cvelist
cvelist
added 2009/04/22 6:0 p.m.24 views

CVE-2009-1311

Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODEFILEONLY save of the inner frame...

7.4AI score0.02313EPSS
Exploits1References28
redhat
redhat
added 2009/04/21 11:44 p.m.7 views

Firefox POST data sent to wrong site when saving web page with embedded frame

Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODEFILEONLY save of the inner frame...

4.3CVSS7.4AI score0.02313EPSS
Exploits1References4
Rows per page
Query Builder