5125 matches found

SUSE CVE
added 2024/09/28 2:54 a.m. · 3 views

SUSE CVE-2024-44187

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin...

CVSS 6.5 · AI score 6.9 · EPSS 0.00638
Exploits: 0 · References: 14

OSV
added 2024/09/17 12:15 a.m. · 2 views

DEBIAN-CVE-2024-44187

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin...

CVSS 6.5 · AI score 7 · EPSS 0.00638
Exploits: 0 · References: 1

OSV
added 2024/09/17 12:15 a.m. · 22 views

CVE-2024-44187

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 11

NVD
added 2024/09/17 12:15 a.m. · 23 views

CVE-2024-44187

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin...

CVSS 6.5 · EPSS 0.00638
Exploits: 0 · References: 11

OSV
added 2024/09/17 12:15 a.m. · 3 views

UBUNTU-CVE-2024-44187

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, visionOS 2, watchOS 11. A malicious website may exfiltrate data cross-origin...

CVSS 6.5 · AI score 6.8 · EPSS 0.00638
Exploits: 0 · References: 4

Positive Technologies
added 2024/09/16 12:00 a.m. · 5 views

PT-2024-30990 · Apple · Ipados +4

Name of the Vulnerable Software and Affected Versions: Safari versions prior to 18; iOS versions prior to 17.7.1; iPadOS versions prior to 17.7.1; macOS versions prior to Sequoia 15; watchOS versions prior to 11. Description: A custom URL scheme handling issue was addressed with improved input...

CVSS 6.5 · AI score 6 · EPSS 0.00517
Exploits: 0 · References: 7

Positive Technologies
added 2024/09/16 12:00 a.m. · 3 views

PT-2024-31020

Name of the Vulnerable Software and Affected Versions: Safari version 18; visionOS version 2; watchOS version 11; macOS Sequoia version 15; iOS version 18; iPadOS version 18; tvOS version 18. Description: A cross-origin issue existed with iframe elements, allowing a malicious website to exfiltrate data...

CVSS 9.8 · AI score 8.5 · EPSS 0.21044
Exploits: 9 · References: 291

Tenable Nessus
added 2024/09/10 12:00 a.m. · 10 views

NewStart CGSL MAIN 6.02 : webkit2gtk3 Multiple Vulnerabilities (NS-SA-2024-0053)

The remote NewStart CGSL host, running version MAIN 6.02, has webkit2gtk3 packages installed that are affected by multiple vulnerabilities: - A use-after-free issue was found in the AudioSourceProviderGStreamer class of WebKitGTK and WPE WebKit in versions prior to 2.30.5. Processing maliciously...

CVSS 9.8 · AI score 7.2 · EPSS 0.16342
Exploits: 11 · References: 115

Packet Storm
added 2024/08/31 12:00 a.m. · 171 views

Internet Explorer Iframe Sandbox File Name Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Internet Explorer Iframe Sandbox File Name Disclosure Vulnerability', 'Description' = %q It was found that Internet Explorer allows the disclosur...

CVSS 2.5 · AI score 7 · EPSS 0.35331
Exploits: 2

Packet Storm
added 2024/08/31 12:00 a.m. · 190 views

Android Stock Browser Iframe Denial of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Android Stock Browser Iframe DOS", 'Description' = %q This module exploits a vulnerability in the native browser that comes with Android 4.0.3. I...

CVSS 5 · AI score 7.1 · EPSS 0.06448
Exploits: 3

The Hacker News
added 2024/08/29 3:59 p.m. · 52 views

Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack

Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would...

CVSS 9.6 · AI score 9.5 · EPSS 0.29179
Exploits: 6

Patchstack
added 2024/08/29 1:00 a.m. · 6 views

WordPress Funnel Kit Funnel Builder PRO plugin <= 3.4.5 Authenticated (Contributor+) Stored Cross-Site Scripting via allow_iframe_tag_in_post vulnerability

WordPress Funnel Kit Funnel Builder PRO plugin <= 3.4.5 Authenticated (Contributor+) Stored Cross-Site Scripting via allow_iframe_tag_in_post vulnerability discovered by Francesco Carlucci in WordPress Plugin Funnel Kit Funnel Builder PRO versions <= 3.4.5...

CVSS 6.4 · AI score 5.8 · EPSS 0.00248
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/08/29 12:00 a.m. · 7 views

PT-2024-16368 · WordPress · Funnelkit Funnel Builder

Name of the Vulnerable Software and Affected Versions: FunnelKit Funnel Builder Pro plugin for WordPress versions up to, and including, 3.4.5. Description: The issue is related to Stored Cross-Site Scripting, where the allow_iframe_tag_in_post function uses the wp_kses_allowed_html filter to...

CVSS 6.4 · AI score 6.2 · EPSS 0.00248
Exploits: 0 · References: 10

OSV
added 2024/08/23 11:08 a.m. · 4 views

OESA-2024-2013 firefox security update

Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: By tricking the browser with an X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked ...

CVSS 4.7 · AI score 8.4 · EPSS 0.00654
Exploits: 0 · References: 2

FreeBSD
added 2024/08/06 12:00 a.m. · 27 views

firefox -- multiple vulnerabilities

[email protected] reports: Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker able to inject an HTML element could have used a DOM Clobbering attack...

AI score 6.6
Exploits: 0 · References: 4

OSV
added 2024/08/01 11:17 a.m. · 11 views

BIT-DISCOURSE-2024-39320 Discourse allows iframe injection though default site setting

Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...

CVSS 6.1 · AI score 6.1 · EPSS 0.0036
Exploits: 0 · References: 4

NVD
added 2024/07/30 3:15 p.m. · 37 views

CVE-2024-39320

Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...

CVSS 6.1 · EPSS 0.0036
Exploits: 0 · References: 3

CVE
added 2024/07/30 2:33 p.m. · 63 views

CVE-2024-39320

CVE-2024-39320 affects Discourse. According to the connected Red Hat and OSV entries, the vulnerability allows an attacker to inject iframes from any domain by bypassing the allowed_iframes setting. The issue is fixed in Discourse versions 3.2.5 and 3.3.0.beta5. The available sources confirm the ...

CVSS 6.1 · AI score 6.1 · EPSS 0.0036
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2024/07/30 2:33 p.m. · 31 views

CVE-2024-39320 Discourse allows iframe injection though default site setting

Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...

CVSS 6.1 · EPSS 0.0036
Exploits: 0 · References: 3

Vulnrichment
added 2024/07/30 2:33 p.m. · 18 views

CVE-2024-39320 Discourse allows iframe injection though default site setting

Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...

CVSS 6.1 · AI score 6.6 · EPSS 0.0036
Exploits: 0 · References: 3