75 matches found

CVE
added 2024/03/26 1:23 p.m., 76 views

CVE-2024-29203

TinyMCE contains a cross-site scripting (XSS) vulnerability in its content insertion code that can allow iframe elements to execute malicious scripts. The issue is mitigated by upgrading to TinyMCE v6.8.1 or newer; multiple advisories also note that patches and later versions (e.g., 7.0.0+) addre...

CVSS 6.1 | AI score 4.3 | EPSS 0.00722
Exploits 0 | References 4 | Affected Software 1
SUSE CVE
added 2023/02/15 5:59 a.m., 2 views

SUSE CVE-2010-1993

Opera 9.52 does not properly handle an IFRAME element with a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (resource consumption) via an HTML document with many IFRAME elements...

CVSS 5 | AI score 6.7 | EPSS 0.02279
Exploits 1 | References 4
Tenable Nessus
added 2022/02/09 12:00 a.m., 59 views

Rocky Linux 8 : GNOME (RLSA-2021:4381)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4381 advisory. - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted...

CVSS 9.8 | AI score 7.2 | EPSS 0.14542
Exploits 8 | References 98
BDU FSTEC
added 2022/01/17 12:00 a.m., 4 views

The vulnerability of elements in iframe modules for web page rendering in WebKitGTK and WPE WebKit allows attackers to exploit it to compromise the integrity of web page data. This vulnerability is related to the lack of protection for the structure of web pages.

The vulnerability of elements in iframe modules for displaying web pages in WebKitGTK and WPE WebKit is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability can allow a malicious actor to compromise data integrity through malicious web content...

CVSS 6.1 | AI score 6.7 | EPSS 0.01068
Exploits 0 | References 8 | Affected Software 5
Prion
added 2021/09/08 2:15 p.m., 32 views

Cross site scripting

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...

CVSS 4.3 | AI score 6 | EPSS 0.01068
Exploits 0 | References 5 | Affected Software 6
Cvelist
added 2021/09/08 1:44 p.m., 25 views

CVE-2021-30744

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...

AI score 6.3 | EPSS 0.01068
Exploits 0 | References 5
AlpineLinux
added 2021/09/08 1:44 p.m., 77 views

CVE-2021-30744

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...

CVSS 6.1 | AI score 6.5 | EPSS 0.01068
Exploits 0
UbuntuCve
added 2021/07/27 12:00 a.m., 52 views

CVE-2021-30744

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...

CVSS 6.1 | AI score 6.5 | EPSS 0.01068
Exploits 0 | References 2
CVE
added 2020/10/27 7:47 p.m., 59 views

CVE-2019-8754

CVE-2019-8754 describes a cross-origin iframe issue in macOS components. The root cause is a cross-origin security origins tracking flaw that could allow a malicious HTML document to render iframes containing sensitive user information. Apple patched this in macOS Catalina 10.15.1 and Security Up...

CVSS 6.5 | AI score 6.5 | EPSS 0.00439
Exploits 0 | References 1 | Affected Software 1
OSV
added 2019/06/30 2:15 p.m., 6 views

CVE-2019-13075

Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a...

CVSS 5.3 | AI score 6.4
Exploits 0 | References 2
OSV
added 2019/04/03 6:29 p.m., 9 views

CVE-2018-4319

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...

CVSS 8.1 | AI score 7.8
Exploits 0 | References 5
Prion
added 2019/04/03 6:29 p.m., 19 views

Cross site scripting

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...

CVSS 5.8 | AI score 7.2 | EPSS 0.01075
Exploits 0 | References 5 | Affected Software 4
Cvelist
added 2019/04/03 5:43 p.m., 22 views

CVE-2018-4319

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...

AI score 7.8 | EPSS 0.01075
Exploits 0 | References 5
CVE
added 2019/04/03 5:43 p.m., 153 views

CVE-2018-4319

CVE-2018-4319 describes a cross-origin issue in iframe handling resolved by improved tracking of security origins in WebKit-based components. Affected products include Safari/WebKit on iOS before iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, and iCloud for Windows 7.7. Apple security pag...

CVSS 8.1 | AI score 7.4 | EPSS 0.01075
Exploits 0 | References 5 | Affected Software 4
Imperva Blog
added 2019/03/07 7:00 p.m., 70 views

Mapping Communication Between Facebook Accounts Using a Browser-Based Side Channel Attack

A now-patched vulnerability in the web version of Facebook Messenger allowed any website to expose who you have been messaging with. In a previous post, I showed how your Facebook likes, location history, and other metadata could have been extracted from your Facebook account using a side-channel...

AI score 6.7
Exploits 0
UbuntuCve
added 2018/09/28 12:00 a.m., 30 views

CVE-2018-4319

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...

CVSS 8.1 | AI score 7.2 | EPSS 0.01075
Exploits 0 | References 4
Kaspersky
added 2018/09/12 12:00 a.m., 525 views

KLA11323 Multiple vulnerabilities in Apple iTunes

Multiple serious vulnerabilities were found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, bypass security restrictions, perform cross-site scripting attacks, and read local files. Below is a complete list of...

CVSS 8.8 | AI score 9.6 | EPSS 0.10593
Exploits 18 | References 4
Prion
added 2018/08/23 5:29 a.m., 16 views

Remote code execution

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution...

CVSS 6.8 | AI score 8.2 | EPSS 0.10427
Exploits 4 | References 2 | Affected Software 1
ATTACKERKB
added 2017/12/27 5:08 p.m., 3 views

CVE-2017-17859

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML...

CVSS 6.1 | AI score 6 | EPSS 0.00942
Exploits 2 | References 2
UbuntuCve
added 2016/09/11 10:59 a.m., 22 views

CVE-2016-5160

The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which...

CVSS 6.5 | AI score 6.9 | EPSS 0.01472
Exploits 0 | References 2