Lucene search
K

144 matches found

RedHat Linux
RedHat Linux
added 2022/06/30 10:1 p.m.5 views

Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI

The Mozilla Foundation Security Advisory describes this flaw as: An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link...

8.8CVSS7.3AI score0.00937EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/06/01 10:1 p.m.5 views

Mozilla: Browser window spoof using fullscreen mode

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when exiting fullscreen mode, an iframe could have confused the browser about the current state of the fullscreen, resulting in potential user confusion or spoofing attacks...

6.5CVSS7.3AI score0.00584EPSS
Exploits0References4
OSV
OSV
added 2022/04/05 6:15 p.m.5 views

CVE-2022-28649

In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description...

5.4CVSS5.8AI score0.0038EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/03/21 12:0 a.m.6 views

Github clash 访问控制错误漏洞

Github clash is a rule-based tunnel in Go. A security vulnerability exists in Github clash, which can be exploited by embedding a malicious iframe page into a website with a crafted URL that launches the Clash Windows client and forces it to open a remote SMB share. Windows will perform NTLM...

8.8CVSS8.2AI score0.00634EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2022/02/16 12:0 a.m.7 views

The vulnerability of the iframe element in Mozilla Firefox allows a violator to circumvent the imposed security restrictions.

The vulnerability of the iframe element in Mozilla Firefox and the Mozilla Thunderbird email client is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions by adding an iframe element with a JavaScript event to the...

6.4CVSS6.8AI score0.00743EPSS
Exploits0References11Affected Software5
Positive Technologies
Positive Technologies
added 2022/02/08 12:0 a.m.6 views

PT-2022-6694 · Schneider Electric · Ecostruxure Ev Charging Expert

Name of the Vulnerable Software and Affected Versions: EcoStruxure EV Charging Expert versions prior to V4.0.0.13 Description: A vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within...

8.5CVSS7.2AI score0.00938EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/01/28 12:0 a.m.4 views

多款Schneider Electric产品安全漏洞

Schneider Electric EVlink City and others are a charging solution for electric vehicle charging stations from Schneider Electric, a French company. A security vulnerability exists in several Schneider Electric products that originates when a user is induced to use a web interface rendered in...

4.3CVSS5.2AI score0.00651EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/13 12:0 a.m.5 views

Collabora Online 跨站脚本漏洞

Collabora Online is an application from Collabora. A powerful LibreOffice-based online office that supports all major document, spreadsheet and presentation file formats. Collabora Online suffers from a cross-site scripting vulnerability that stems from a lack of escaping and filtering of...

8.2CVSS6.1AI score0.00646EPSS
Exploits0References2
Huntr
Huntr
added 2021/08/23 8:10 a.m.7 views

Cross-site Scripting (XSS) - Reflected in erikdubbelboer/phpredisadmin

✍️ Description The application is vulnerable to XFS attack. 🕵️‍♂️ Proof of Concept Navigate to https://domain.tld/phpRedisAdmin/?https://www.eia.gov/state/maps The page https://www.eia.gov/state/maps.php will be loaded in an iframe on the page. 💥 Impact Cross-Frame Scripting XFS is an attack that...

0.8AI score
Exploits0References1
CNNVD
CNNVD
added 2021/07/26 12:0 a.m.3 views

IBM Sterling Connect 安全漏洞

IBM Sterling Connect: Direct is a file-based peer-to-peer file transfer solution from IBM, U.S.A. A clickjacking vulnerability exists in IBM Sterling Connec versions 1.4.1.1 and 1.5.0.2, which stems from a program that does not adequately protect HTML iframes. A remote attacker could exploit The...

5.4CVSS5.6AI score0.00641EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2021/03/21 12:0 a.m.5 views

The vulnerability in the isolated environment of the Google Chrome browser’s iframe allows a perpetrator to compromise data integrity.

The vulnerability in the isolated iframe environment of Google Chrome relates to improper security checks for standard elements. Exploiting this vulnerability allows a remote attacker to compromise data integrity...

4.3CVSS7AI score0.01709EPSS
Exploits0References14Affected Software5
CNNVD
CNNVD
added 2021/02/17 12:0 a.m.10 views

Containous Traefik Security Vulnerability

Containous Traefik is a reverse proxy and load balancer from Containous USA. A security vulnerability exists in Containous Traefik. The vulnerability stems from the software allowing IFRAME to be loaded from other domains.The following products and versions are affected:Containous Traefik 2.4.3...

5.3CVSS6AI score0.00767EPSS
Exploits0References3
NVD
NVD
added 2019/03/12 8:29 p.m.9 views

CVE-2019-9558

Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting XSS via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe...

6.1CVSS6.1AI score0.00986EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2018/02/07 12:0 a.m.5 views

The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to deficiencies in the implementation of SOP (Same-origin policy). These vulnerabilities allow attackers to gain unauthorized access to protected information.

The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to deficiencies in the implementation of SOP Same-origin policy. Exploiting these vulnerabilities can allow an attacker, operating remotely, to gain unauthorized access to protected information using...

7.5CVSS7.8AI score0.02376EPSS
Exploits1References16Affected Software10
OSV
OSV
added 2017/10/02 12:0 a.m.3 views

UBUNTU-CVE-2017-7815

On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations with e10 multiproce...

5.3CVSS7AI score0.01161EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2016/12/07 7:8 p.m.5 views

chromium-browser: csp referrer disclosure

Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled iframes, which allowed a remote attacker to bypass a no-referrer policy via a crafted HTML page...

4.3CVSS7.4AI score0.01081EPSS
Exploits0References5
CNVD
CNVD
added 2016/01/04 12:0 a.m.3 views

Wordpress plugin iframe cross-site scripting vulnerability

WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. iframe plugin is a pop-up layer allowing external URLs to be loaded into the iframe page plugin . A cross-site...

6.1AI score
Exploits0References1
CNVD
CNVD
added 2015/06/09 12:0 a.m.3 views

Eliacom Enhanced SQL Portal 'iframe.php' Cross-Site Scripting Vulnerability

Eliacom Enhanced SQL Portal is a database management system. A cross-site scripting vulnerability in Eliacom Enhanced SQL Portal allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain access to sensitive information or hijack user...

6.6AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/04/16 8:33 a.m.5 views

chromium-browser: Cross-origin-bypass in HTML parser

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element...

5CVSS7.4AI score0.01648EPSS
Exploits0References5
OSV
OSV
added 2014/10/14 12:0 a.m.4 views

UBUNTU-CVE-2014-1586

content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME...

5CVSS6.9AI score0.02793EPSS
Exploits0References5
Rows per page
Query Builder