3 matches found
Cross-site Scripting (XSS)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS in the embeds property of response messages, which is loaded into an iFrame with an insufficiently restrictive sandbox. An attacker can execute arbitrary JavaScript in the context of...
EUVD-2009-1309
Malware in sbrugna...
thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames
Summary A vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent. Details In...