33 matches found

GitHub Security Blog
added 2025/10/30 9:30 p.m. | 7 views

Liferay Portal is vulnerable to XSS in the Blogs widget

Cross-site scripting (XSS) vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...

CVSS: 5.4 | AI score: 6.1 | EPSS: 0.00179
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2010-1446

Malware in sbrugna...

CVSS: 4.3 | AI score: 6 | EPSS: 0.02933
Exploits: 0 | References: 26

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2011-1794

Malware in sbrugna...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.01081
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2012-4764

Malware in sbrugna...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01168
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-4394

Malware in sbrugna...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.01148
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 8 views

EUVD-2013-0247

Malware in sbrugna...

CVSS: 5.1 | AI score: 6.5 | EPSS: 0.03248
Exploits: 0 | References: 20

VulnCheck KEV
added 2024/02/08 12:00 a.m. | 1 views

VulnCheck KEV: CVE-2013-0213

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element...

CVSS: 5.1 | AI score: 6.9 | EPSS: 0.03248
Exploits: 0 | References: 1

RedHat Linux
added 2022/09/26 3:41 p.m. | 6 views

Mozilla: An iframe element in an HTML email could trigger a network request

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of sending a request to the remote document when receiving an HTML email that specified to load an iframe element from a remote location. However, Thunderbird didn't display the document...

CVSS: 4.3 | AI score: 7.3 | EPSS: 0.00529
Exploits: 0 | References: 6

BDU FSTEC
added 2018/09/11 12:00 a.m. | 3 views

The vulnerability of the Electron application development software platform arises from access control errors, which allow a hacker to execute arbitrary code.

The vulnerability of the Electron application development software platform stems from access control errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted iframe element...

CVSS: 10 | AI score: 6 | EPSS: 0.10427
Exploits: 4 | References: 4 | Affected Software: 1

BDU FSTEC
added 2015/11/20 12:00 a.m. | 4 views

The vulnerability of the microprogramming software for Micrologix 1100 and 1400 allows an intruder to inject content from an arbitrary file into the FRAME element.

The vulnerability of the microprogrammed logic controllers Micrologix 1100 and 1400 lies in the lack of restrictions on the download of files. Exploiting this vulnerability allows a malicious actor to inject any file content into the FRAME element remotely...

CVSS: 4 | AI score: 5.4 | EPSS: 0.01604
Exploits: 0 | References: 2

CNVD
added 2015/10/30 12:00 a.m. | 3 views

Allen-Bradley MicroLogix Arbitrary File Insertion Vulnerability

Allen-Bradley MicroLogix is a programmable logic controller (PLC) from Rockwell Automation. An arbitrary file insertion vulnerability exists in Allen-Bradley MicroLogix 1100 before B FRN 15.000 and 1400 before B FRN 15.003. It allows an authenticated remote user to insert the contents of an arbitra...

CVSS: 4 | AI score: 6.9 | EPSS: 0.01604
Exploits: 0 | References: 1

BDU FSTEC
added 2015/10/29 12:00 a.m. | 3 views

The vulnerability of Google Chrome browser allows a violator to circumvent existing access restrictions.

The vulnerability of the Blink component in Google Chrome exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to bypass existing access restrictions by using a specially crafted HTML document containing an IFRAME element...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.01729
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2015/10/28 10:59 a.m. | 12 views

CVE-2015-6491

Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors...

CVSS: 4 | AI score: 6.3 | EPSS: 0.01604
Exploits: 0 | References: 1

Prion
added 2015/10/28 10:59 a.m. | 16 views

Code injection

Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors...

CVSS: 4 | AI score: 6.9 | EPSS: 0.01604
Exploits: 0 | References: 1 | Affected Software: 2

Cvelist
added 2015/10/28 10:00 a.m. | 17 views

CVE-2015-6491

Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors...

AI score: 6.3 | EPSS: 0.01604
Exploits: 0 | References: 1

CNVD
added 2015/06/29 12:00 a.m. | 2 views

Unspecified Vulnerability in IBM Leads

IBM Leads is a solution from IBM USA for improving the customer management process. The program provides functions such as finding prospects, assigning customers and sending notifications of new customer information. A security vulnerability exists in IBM Leads that stems from the program's failu...

CVSS: 3.5 | AI score: 6.7 | EPSS: 0.00669
Exploits: 0 | References: 1

Prion
added 2015/05/25 2:59 p.m. | 17 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers to hijack the authentication of arbitrary users via vectors involving a FRAME element...

CVSS: 6.8 | AI score: 7.5 | EPSS: 0.00587
Exploits: 0 | References: 1 | Affected Software: 2

CNVD
added 2015/04/20 12:00 a.m. | 2 views

Google Chrome Same Origin Policy Bypass Vulnerability (CNVD-2015-02620)

Google Chrome is a web browsing tool developed by Google. A security vulnerability exists in the 'ContainerNode::parserRemoveChild' function in the core/dom/ContainerNode.cpp file in Blink's HTML parser used in Google Chrome versions prior to 42.0.2311.90...

CVSS: 5 | AI score: 6.7 | EPSS: 0.01648
Exploits: 0 | References: 1

UbuntuCve
added 2014/12/26 2:59 a.m. | 20 views

CVE-2011-1796

Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.01081
Exploits: 0 | References: 4

Cvelist
added 2014/12/26 2:00 a.m. | 20 views

CVE-2011-1796

Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted...

AI score: 7.2 | EPSS: 0.01081
Exploits: 0 | References: 3