77 matches found
PT-2018-13880 · Go · Html Package
Name of the Vulnerable Software and Affected Versions: html package (aka x/net/html) versions prior to 2018-07-13. Description: The issue is related to the HTML parser mishandling "in frameset" insertion mode. This can lead to a panic when parsing malformed HTML that contains tags, potentially...
Zomato: URL is vulnerable to clickjacking
The browser has verified the identity: Successfully implemented in IE browser Reproduce steps: URLs do not have X-FRAME-OPTIONS set to DENY or SAMEORIGIN, and they are vulnerable to clickjacking. Run under the browser's code and you will see that the listed links are vulnerable to clickjacking...
Khan Academy: Frameset (Frame) HTML tag is allowed in HTML editor (can lead to clickjacking)
Hello Sir/Mam, I was using the HTML editor in the computer programming section, which allowed me to design a webpage. When I use the iframe tag, object tag and embed tag it shows me the message that these tags are not allowed for security reasons, maybe because of clickjacking attack or something but...
CVE-2016-5756
Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl,...
CVE-2017-6061
Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. /finance/help/en/frameset.htm is the URI for this component. The vendor response is SAP Securit...
Factlink: Frameset Proxy Problem
I was testing out the proxy pages http://fct.li, http://staging.fct.li and I found that if I create an HTML page with a frameset (not to be confused with iframe), then I would be able to get rid of the dialog (top right corner) that reads: "You're looking at this page through Factlink visit original...
Adobe RoboHelp Frameset-7.HTML Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23878/info RoboHelp is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
Blackboard Academic Suite 6.2.3.23 Frameset.JSP Cross-Domain Frameset Loading Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15814/info Blackboard Academic Suite is prone to a cross-domain frameset-loading vulnerability. Successful exploitation may result in various attacks, such as information disclosure and session hijacking. An attacker may...
openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-3141)
Mozilla XULRunner 1.9.1 was updated to version 1.9.1.13, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based...
openSUSE Security Update : opera (openSUSE-SU-2011:0517-1)
opera 11.11 fixes a security vulnerability. Citing http://www.opera.com/support/kb/view/992/ : Framesets allow web pages to hold other pages inside them. Certain frameset constructs are not handled correctly when the page is unloaded, causing a memory corruption. To inject code, additional...
openSUSE Security Update : seamonkey (seamonkey-3372)
This update brings Mozilla SeaMonkey to version 2.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based...
CVE-2012-5948
Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) WebProcess.srv, (2) the html/en/default/ directory, (3) Widget/resource, (4) birt/frameset, or (5)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) WebProcess.srv, (2) the html/en/default/ directory, (3) Widget/resource, (4) birt/frameset, or (5)...
Opera Browser Multiple Vulnerabilities-01 (Jul 2011) - Mac OS X
Opera browser is prone to multiple vulnerabilities.
Opera Browser Multiple Vulnerabilities-01 (Jul 2011) - Linux
Opera browser is prone to multiple vulnerabilities.
Opera 10/11 - Bad Nesting with Frameset Tag Memory Corruption (Metasploit)
Exploit for Opera 10/11 bad nesting with frameset tag Memory Corruption Vulnerability: Discovered: 2010-08-18 Patched: 2011-05-18 Tested on: v10.xx v10.00, v10.01, v10.10, v10.50, v10.51, v10.52, v10.53, v10.54, v10.6, v10.61, v10.62 and v10.63 v11.xx use windows/browser/operaframesettag msf...
Opera 10/11 (bad nesting with frameset tag) Memory Corruption
Exploit for windows platform in category remote exploits Exploit for Opera 10/11 bad nesting with frameset tag Memory Corruption Vulnerability: Discovered: 2010-08-18 Patched: 2011-05-18 Tested on: v10.xx v10.00, v10.01, v10.10, v10.50, v10.51, v10.52, v10.53, v10.54, v10.6, v10.61, v10.62 and...
CVE-2011-2628
Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload...
Memory corruption
Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload...