5125 matches found

SUSE CVE
added 2024/06/12 3:20 a.m. | 2 views

SUSE CVE-2024-5691

By tricking the browser with an X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

CVSS 4.7 | AI score 6.3 | EPSS 0.00654
Exploits: 0 | References: 9

Positive Technologies
added 2024/06/12 12:0 a.m. | 4 views

PT-2024-37114

Name of the Vulnerable Software and Affected Versions: LINE client for iOS versions prior to 14.9.0. Description: The in-app browser of the LINE client contains a Universal XSS (UXSS) vulnerability, allowing for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame fro...

CVSS 6.1 | AI score 5.5 | EPSS 0.00269
Exploits: 0 | References: 6

Tenable Nessus
added 2024/06/12 12:0 a.m. | 24 views

Oracle Linux 9 : libreoffice (ELSA-2024-3835)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3835 advisory.
- Fix CVE-2023-6185 escape url passed to gstreamer
- Fix CVE-2023-6186 check link target protocols
- Resolves: rhbz2210193 CVE-2023-0950 Array Index...

CVSS 8.8 | AI score 6.8 | EPSS 0.65692
Exploits: 2 | References: 3

RedhatCVE
added 2024/06/11 8:53 p.m. | 19 views

CVE-2024-5691

The Mozilla Foundation Security Advisory describes this flaw as: By tricking the browser with an X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window...

CVSS 6.1 | AI score 6.3 | EPSS 0.00654
Exploits: 0 | References: 5

NVD
added 2024/06/11 1:15 p.m. | 22 views

CVE-2024-5691

By tricking the browser with an X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

CVSS 4.7 | EPSS 0.00654
Exploits: 0 | References: 6

OSV
added 2024/06/11 1:15 p.m. | 1 views

DEBIAN-CVE-2024-5691

By tricking the browser with an X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

CVSS 4.7 | AI score 6.4 | EPSS 0.00654
Exploits: 0 | References: 1

Vulnrichment
added 2024/06/11 12:40 p.m. | 20 views

CVE-2024-5691

By tricking the browser with an X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

AI score 5.2 | EPSS 0.00654
Exploits: 0 | References: 6

CVE
added 2024/06/11 12:40 p.m. | 321 views

CVE-2024-5691

The CVE-2024-5691 entry describes a vulnerability where an attacker could trick a sandboxed iframe using an X-Frame-Options header to present a button that, if clicked, bypasses sandbox restrictions and opens a new window. Affected products (per the provided documents) include Mozilla Firefox and...

CVSS 4.7 | AI score 5.2 | EPSS 0.00654
Exploits: 0 | References: 6 | Affected Software: 3

Debian CVE
added 2024/06/11 12:40 p.m. | 20 views

CVE-2024-5691

By tricking the browser with an X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

CVSS 4.7 | AI score 6.6 | EPSS 0.00654
Exploits: 0

UbuntuCve
added 2024/06/11 12:0 a.m. | 16 views

CVE-2024-5691

By tricking the browser with an X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

CVSS 4.7 | AI score 6.8 | EPSS 0.00654
Exploits: 0 | References: 6

OSV
added 2024/06/11 12:0 a.m. | 1 views

UBUNTU-CVE-2024-5691

By tricking the browser with an X-Frame-Options header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

CVSS 4.7 | AI score 7.3 | EPSS 0.00654
Exploits: 0 | References: 7

NVD
added 2024/06/10 8:15 p.m. | 22 views

CVE-2024-36417

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added to some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVSS 9 | EPSS 0.00407
Exploits: 0 | References: 1

Vulnrichment
added 2024/06/10 7:55 p.m. | 20 views

CVE-2024-36417 SuiteCRM Stored XSS Vulnerability Allows Code Execution via Malicious iFrame

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added to some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVSS 5.7 | AI score 6.2 | EPSS 0.00407
Exploits: 0 | References: 1

Cvelist
added 2024/06/10 7:55 p.m. | 20 views

CVE-2024-36417 SuiteCRM Stored XSS Vulnerability Allows Code Execution via Malicious iFrame

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added to some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVSS 5.7 | EPSS 0.00407
Exploits: 0 | References: 1

CVE
added 2024/06/10 7:55 p.m. | 76 views

CVE-2024-36417

SuiteCRM has a stored XSS vulnerability (CVE-2024-36417) where an unverified IFrame injected via input can be used for cross-site scripting and potentially code execution. Affected versions are prior to 7.14.4 and 8.6.1; these releases fix the issue. Remediation: upgrade to 7.14.4 or 8.6.1 (or la...

CVSS 9 | AI score 7 | EPSS 0.00407
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2024/06/10 7:55 p.m. | 22 views

CVE-2024-36417 SuiteCRM Stored XSS Vulnerability Allows Code Execution via Malicious iFrame

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. Prior to versions 7.14.4 and 8.6.1, an unverified IFrame can be added to some inputs, which could allow for a cross-site scripting attack. Versions 7.14.4 and 8.6.1 contain a fix for this issue...

CVSS 5.7 | AI score 6.2 | EPSS 0.00407
Exploits: 0 | References: 3

Veracode
added 2024/06/10 1:58 p.m. | 23 views

Improper Restriction Of Rendered UI Layers Or Frames (Clickjacking)

zenml is vulnerable to Improper Restriction of Rendered UI Layers or Frames (Clickjacking). The vulnerability is due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers, allowing an attacker to embed the application UI within an iframe on a...

CVSS 6.1 | AI score 6.6 | EPSS 0.00354
Exploits: 1 | References: 3 | Affected Software: 1

Github Security Blog
added 2024/06/06 9:30 p.m. | 19 views

Clickjacking in zenml

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious...

CVSS 6.1 | AI score 4.4 | EPSS 0.00354
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2024/06/06 7:15 p.m. | 15 views

PYSEC-2024-194

A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious...

CVSS 6.1 | AI score 6 | EPSS 0.00354
Exploits: 1 | References: 6

Patchstack
added 2024/06/05 2:55 a.m. | 9 views

WordPress Insert or Embed Articulate Content into WordPress plugin <= 4.3000000024 - Iframe Injection vulnerability

Iframe Injection vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Insert or Embed Articulate Content into WordPress versions <= 4.3000000024...

CVSS 5.4 | AI score 7.3 | EPSS 0.00202
Exploits: 2 | References: 1 | Affected Software: 1