14 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-13270

Malware in sbrugna...

CVSS 6.5 · AI score 4.9 · EPSS 0.00318
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-52843

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 6.5 · EPSS 0.00132
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-1434

Malicious code in bioql PyPI...

CVSS 5.9 · AI score 6.5 · EPSS 0.00037
Exploits 0 · References 6

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-0110

Malicious code in bioql PyPI...

CVSS 6.9 · AI score 6.4 · EPSS 0.00277
Exploits 0 · References 7

Positive Technologies
added 2025/04/04 12:0 a.m. · 3 views

PT-2025-14838 · Unknown · React-Draft-Wysiwyg

Name of the Vulnerable Software and Affected Versions: react-draft-wysiwyg versions 3.1 and earlier. Description: The issue is related to Cross-site Scripting (XSS) via the Embedded button, which results in saving the payload in the iframe tag. This allows attackers to exploit the vulnerability...

CVSS 6.1 · AI score 5.5 · EPSS 0.00506
Exploits 0 · References 8

NVD
added 2025/01/17 9:15 p.m. · 2 views

CVE-2025-23205

nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of enablesubdomai...

CVSS 6.9 · EPSS 0.00277
Exploits 0 · References 4

CVE
added 2025/01/17 8:23 p.m. · 38 views

CVE-2025-23205

CVE-2025-23205 affects nbgrader. Enabling frame-ancestors: 'self' can allow any JupyterHub user to extract content from the formgrader iframe when default JupyterHub config enable_subdomains is False, enabling an attacker to load the formgrader page with another user’s credentials. The issue has ...

CVSS 6.9 · AI score 6.9 · EPSS 0.00277
Exploits 0 · References 4

OSV
added 2025/01/17 8:23 p.m. · 2 views

CVE-2025-23205 `frame-ancestors: self` grants all users access to formgrader in nbgrader

nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of enablesubdomai...

CVSS 6.9 · AI score 6.5 · EPSS 0.00277
Exploits 0 · References 6

Positive Technologies
added 2024/05/23 12:0 a.m. · 2 views

PT-2024-26386 · Tauri · Tauri

Name of the Vulnerable Software and Affected Versions: Tauri versions prior to 1.6.7; Tauri versions prior to 2.0.0-beta.19. Description: The issue allows remote origin iFrames in Tauri applications to access the Tauri IPC endpoints without being explicitly allowed. This bypasses the origin check a...

CVSS 5.9 · AI score 7.6 · EPSS 0.00037
Exploits 0 · References 7

SUSE CVE
added 2023/02/15 5:46 a.m. · 1 views

SUSE CVE-2012-2815

Google Chrome before 20.0.1132.43 allows remote attackers to obtain potentially sensitive information from a fragment identifier by leveraging access to an IFRAME element associated with a different domain...

CVSS 5 · AI score 9.1 · EPSS 0.00561
Exploits 0 · References 3

OSV
added 2021/07/21 6:15 p.m. · 0 views

CVE-2021-32745

Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabo...

CVSS 6.1 · AI score 5.8
Exploits 0 · References 1

Debian CVE
added 2018/06/11 9:0 p.m. · 25 views

CVE-2017-7787

Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

CVSS 7.5 · AI score 8.7 · EPSS 0.00979
Exploits 1

Tenable Nessus
added 2007/08/15 12:0 a.m. · 42 views

GLSA-200708-09 : Mozilla products: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200708-09 (Mozilla products: Multiple vulnerabilities). Mozilla developers fixed several bugs, including an issue with modifying XPCNativeWrappers (CVE-2007-3738), a problem with event handlers executing elements outside of the documen...

CVSS 9.3 · AI score 8.5 · EPSS 0.2528
Exploits 5 · References 9

Prion
added 2007/06/06 9:30 p.m. · 20 views

Code injection

Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...

CVSS 4.3 · AI score 6.9 · EPSS 0.2528
Exploits 1 · References 52 · Affected Software 1