5125 matches found
SUSE CVE-2024-44187
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin...
DEBIAN-CVE-2024-44187
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin...
CVE-2024-44187
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin...
CVE-2024-44187
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin...
UBUNTU-CVE-2024-44187
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin...
PT-2024-30990 · Apple · Ipados +4
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 18; iOS versions prior to 17.7.1; iPadOS versions prior to 17.7.1; macOS versions prior to Sequoia 15; watchOS versions prior to 11. Description: A custom URL scheme handling issue was addressed with improved input...
PT-2024-31020
Name of the Vulnerable Software and Affected Versions: Safari version 18; visionOS version 2; watchOS version 11; macOS Sequoia version 15; iOS version 18; iPadOS version 18; tvOS version 18. Description: A cross-origin issue existed with iframe elements, allowing a malicious website to exfiltrate data...
NewStart CGSL MAIN 6.02 : webkit2gtk3 Multiple Vulnerabilities (NS-SA-2024-0053)
The remote NewStart CGSL host, running version MAIN 6.02, has webkit2gtk3 packages installed that are affected by multiple vulnerabilities: - A use-after-free issue was found in the AudioSourceProviderGStreamer class of WebKitGTK and WPE WebKit in versions prior to 2.30.5. Processing maliciously...
Internet Explorer Iframe Sandbox File Name Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Internet Explorer Iframe Sandbox File Name Disclosure Vulnerability', 'Description' = %q It was found that Internet Explorer allows the disclosur...
Android Stock Browser Iframe Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Android Stock Browser Iframe DOS", 'Description' = %q This module exploits a vulnerability in the native browser that comes with Android 4.0.3. I...
Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack
Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would...
WordPress Funnel Kit Funnel Builder PRO plugin <= 3.4.5 Authenticated(Contributor+) Stored Cross-Site Scripting via allow_iframe_tag_in_post vulnerability
WordPress Funnel Kit Funnel Builder PRO plugin <= 3.4.5 Authenticated (Contributor+) Stored Cross-Site Scripting via allow_iframe_tag_in_post vulnerability discovered by Francesco Carlucci in WordPress Plugin Funnel Kit Funnel Builder PRO versions <= 3.4.5...
PT-2024-16368 · WordPress · Funnelkit Funnel Builder
Name of the Vulnerable Software and Affected Versions: FunnelKit Funnel Builder Pro plugin for WordPress versions up to, and including, 3.4.5. Description: The issue is related to Stored Cross-Site Scripting, where the allow_iframe_tag_in_post function uses the wp_kses_allowed_html filter to...
OESA-2024-2013 firefox security update
Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: By tricking the browser with an X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked ...
firefox -- multiple vulnerabilities
[email protected] reports: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack...
BIT-DISCOURSE-2024-39320 Discourse allows iframe injection through default site setting
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...
CVE-2024-39320
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...
CVE-2024-39320
CVE-2024-39320 affects Discourse. According to the connected Red Hat and OSV entries, the vulnerability allows an attacker to inject iframes from any domain by bypassing the allowed_iframes setting. The issue is fixed in Discourse versions 3.2.5 and 3.3.0.beta5. The available sources confirm the ...
CVE-2024-39320 Discourse allows iframe injection through default site setting
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...