145 matches found

EUVD
added 2025/10/07 12:30 a.m. (4 views)

EUVD-2013-1722

Malware in sbrugna...

CVSS: 5 | AI score: 9.2 | EPSS: 0.02651
Exploits: 0 | References: 9
Github Security Blog
added 2025/10/06 3:31 a.m. (9 views)

Duplicate Advisory: Flowise is vulnerable to stored XSS via "View Messages" allows credential theft in FlowiseAI admin panel

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-964p-j4gg-mhwc. This link is maintained to preserve external references. Original Description: Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log...

CVSS: 8.2 | AI score: 6.2 | EPSS: 0.13138
Exploits: 1 | References: 5 | Affected Software: 1
CNNVD
added 2025/10/06 12:00 a.m. (4 views)

Flowise security vulnerability

Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise versions prior to 3.0.5 that stems from an unfiltered IFRAME element and could lead to a cross-site scripting attack...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.13138
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:07 p.m. (5 views)

EUVD-2022-42467

Malicious code in bioql PyPI...

CVSS: 4.3 | AI score: 6.9 | EPSS: 0.00529
Exploits: 0 | References: 10
RedhatCVE
added 2025/05/22 8:09 a.m. (12 views)

CVE-2019-15053

The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element...

CVSS: 6.8 | AI score: 6.2 | EPSS: 0.0132
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/22 3:12 a.m. (15 views)

CVE-2012-2573

Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.01343
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/21 8:53 p.m. (6 views)

CVE-2005-4858

Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in mimicboard2 Mimic2 086 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters associated with the (1) name, (2) title, and (3) comment sections, as demonstrated by referencing a remote...

CVSS: 4.3 | AI score: 6 | EPSS: 0.01113
Exploits: 0 | References: 1
Vulnrichment
added 2024/07/15 6:21 p.m. (17 views)

CVE-2024-40631 Cross-site Scripting (XSS) in media embed element when using custom URL parsers in plate media

Plate media is an open source, rich-text editor for React. Editors that use MediaEmbedElement and pass custom urlParsers to the useMediaState hook may be vulnerable to XSS if a custom parser allows javascript:, data: or vbscript: URLs to be embedded. Editors that do not use urlParsers and consume...

CVSS: 8.1 | AI score: 6 | EPSS: 0.00498
Exploits: 0 | References: 3
VulnCheck KEV
added 2024/02/08 12:00 a.m. (3 views)

VulnCheck KEV: CVE-2013-0213

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element...

CVSS: 5.1 | AI score: 6.9 | EPSS: 0.03248
Exploits: 0 | References: 1
OSV
added 2024/01/18 3:30 p.m. (17 views)

GHSA-5XFX-55X4-J223 Cross-Frame Scripting vulnerability has been found on Plone CMS

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe element...

CVSS: 7.1 | AI score: 6.7 | EPSS: 0.00294
Exploits: 0 | References: 3
NVD
added 2024/01/18 1:15 p.m. (19 views)

CVE-2024-0669

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe element...

CVSS: 7.1 | AI score: 6.3 | EPSS: 0.00294
Exploits: 0 | References: 1
CNVD
added 2023/12/11 12:00 a.m. (6 views)

Squidex cross-site scripting vulnerability (CNVD-2023-9750454)

Squidex is a headless CMS and content management center. A cross-site scripting vulnerability exists in Squidex versions prior to 7.9.0, which stems from the presence of an incomplete blacklist in the SVG check, and can be exploited by an attacker to conduct a cross-site scripting attack via the...

CVSS: 5.4 | AI score: 6.1 | EPSS: 0.00569
Exploits: 1 | References: 1
SUSE CVE
added 2023/02/15 5:44 a.m. (3 views)

SUSE CVE-2012-4751

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC...

CVSS: 4.3 | AI score: 6 | EPSS: 0.05792
Exploits: 2 | References: 3
OSV
added 2022/12/22 8:15 p.m. (1 view)

DEBIAN-CVE-2022-3032

When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00663
Exploits: 0 | References: 1
Tenable Nessus
added 2022/12/07 12:00 a.m. (53 views)

Amazon Linux 2 : thunderbird (ALAS-2022-1900)

The version of thunderbird installed on the remote host is prior to 102.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1900 advisory. 2024-05-09: CVE-2021-28429 was added to this advisory. Integer overflow vulnerability in av_timecode_make_string in...

CVSS: 8.8 | AI score: 8.3 | EPSS: 0.01659
Exploits: 0 | References: 42
Amazon
added 2022/12/06 12:00 a.m. (37 views)

Important: thunderbird

Issue Overview: Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. (CVE-2021-28429) When receiving an HTML email that contained an iframe element, which used a srcdoc...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.01659
Exploits: 0
Veracode
added 2022/09/19 1:00 p.m. (28 views)

Unsecured File

thunderbird allows unsecured files. The vulnerability exists due to an issue of when receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the internal HTML document, remote objects specified in the nested document for example, images or videos, were no...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.00663
Exploits: 0 | References: 4 | Affected Software: 3
Tenable Nessus
added 2022/09/02 12:00 a.m. (32 views)

Fedora 36 : thunderbird (2022-8bf22a684b)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8bf22a684b advisory. Update to 102.2.1 ; https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/ Tenable has extracted the preceding description block directly from the...

AI score: 5.6
Exploits: 0 | References: 1
RedhatCVE
added 2022/09/01 9:54 a.m. (28 views)

CVE-2022-3034

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of sending a request to the remote document when receiving an HTML email that specified to load an iframe element from a remote location. However, Thunderbird didn't display the document...

CVSS: 6.1 | AI score: 1.6 | EPSS: 0.00529
Exploits: 0 | References: 5
RedhatCVE
added 2022/05/20 11:18 p.m. (24 views)

CVE-2019-13075

Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.01856
Exploits: 1 | References: 1