Lucene search

13 matches found

RedhatCVE
added 2026/02/28 7:45 p.m. | 7 views

CVE-2026-3327

Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...

4.8 CVSS | 6.1 AI score | 0.00322 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/02/27 3:34 p.m. | 5 views

EUVD-2026-9031

Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...

4.8 CVSS | 6.1 AI score | 0.00322 EPSS
Exploits: 0 | References: 2
NVD
added 2026/02/27 3:16 p.m. | 11 views

CVE-2026-3327

Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...

4.8 CVSS | 0.00322 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/02/27 2:09 p.m. | 7 views

CVE-2026-3327 Authenticated DatoCMS Web Previews Plugin Iframe Injection

Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...

4.8 CVSS | 6.1 AI score | 0.00322 EPSS
Exploits: 0 | References: 1
CVE
added 2026/02/27 2:09 p.m. | 15 views

CVE-2026-3327

This CVE concerns the DatoCMS Web Previews plugin, where an authenticated user can perform an iframe injection by bypassing the frontend URL restriction. The root cause is an insecure handling of embedded resources in the Web Previews feature, affecting versions earlier than 1.0.31. Impact is the...

4.8 CVSS | 6.1 AI score | 0.00322 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 8:17 p.m. | 4 views

CVE-2021-41114

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the...

5.3 CVSS | 5.5 AI score | 0.02662 EPSS
Exploits: 0 | References: 1
OSV
added 2024/06/17 7:28 p.m. | 8 views

CVE-2024-37895 API Key Leak in lobe-chat

Lobe Chat is an open-source LLMs/AI chat framework. In affected versions if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. This issu...

5.7 CVSS | 5.6 AI score | 0.00546 EPSS
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 5:01 a.m. | 4 views

SUSE CVE-2016-5144

The Developer Tools aka DevTools subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different...

9.8 CVSS | 9 AI score | 0.01698 EPSS
Exploits: 0 | References: 7
RedHat Linux
added 2016/08/09 5:01 a.m. | 8 views

chromium-browser: Parameter sanitization failure in DevTools

The Developer Tools aka DevTools subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different...

9.8 CVSS | 7.4 AI score | 0.01698 EPSS
Exploits: 0 | References: 5
BDU FSTEC
added 2016/06/17 12:00 a.m. | 9 views

The vulnerability of Google Chrome browser allows a violator to circumvent existing access restrictions.

The vulnerability of the WebKit/Source/devtools/frontend/devtools.js module of the Developer Tools subsystem in the Google Chrome browser’s Blink component arises from the lack of a guarantee that the parameter remoteFrontendUrl will correspond to the address chrome-devtools-frontend.appspot.com...

4.3 CVSS | 7 AI score | 0.01379 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
CNVD
added 2016/06/06 12:00 a.m. | 4 views

Google Chrome Access Restriction Bypass Vulnerability (CNVD-2016-03836)

Google Chrome is a web browsing tool developed by Google. In versions of Google Chrome prior to 51.0.2704.79, Blink/DevTools/WebKit/Source/devtools/frontend/devtools.js does not ensure that the remoteFrontendUrl parameter is associated with the chrome-devtools-frontend.appspot.com URL associatio...

6.5 CVSS | 9.1 AI score | 0.01379 EPSS
Exploits: 0 | References: 1
OSV
added 2016/06/05 11:59 p.m. | 3 views

CVE-2016-1699

WebKit/Source/devtools/frontend/devtools.js in the Developer Tools aka DevTools subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to...

6.5 CVSS | 7 AI score | 0.01379 EPSS
Exploits: 0 | References: 10
RedHat Linux
added 2016/06/02 6:00 p.m. | 6 views

chromium-browser: parameter sanitization failure in devtools

WebKit/Source/devtools/frontend/devtools.js in the Developer Tools aka DevTools subsystem in Blink, as used in Google Chrome before 51.0.2704.79, does not ensure that the remoteFrontendUrl parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to...

6.5 CVSS | 7.4 AI score | 0.01379 EPSS
Exploits: 0 | References: 5