5125 matches found
CVE-2024-34805 WordPress iframe plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Webvitaly iFrame allows Stored XSS. This issue affects iFrame: from n/a through 5.0...
CVE-2024-34805
CVE-2024-34805 is a stored XSS in the Webvitaly iFrame plugin (WordPress). The root cause is improper neutralization of input during web page generation, enabling stored cross-site scripting in iFrame output. Affected range is iFrame: from n/a through 5.0. Public feeds indicate this vulnerabilit...
WordPress Plugin iFrame Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress iframe plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Byeongjun Jo (Patchstack Alliance) in WordPress Plugin iFrame (versions <= 5.0)...
Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Iframe Injection
Description: The plugin lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page. PoC: 1. Create a new post 2. Add an e-Learning block and upload a zip file 3. Select the "Insert As: Iframe" option 4. Intercept the...
WordPress iFrame Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS)
Software: iFrame; Type: Plugin; Vulnerable versions: <= 5.0; Fixed in: 5.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34805; Patch priority: Low; CVSS severity: Low (6.5); PSID: 3924012615ac; Credits: Byeongjun Jo; Required privilege: Contributor; Publish...
Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Iframe Injection
Description: The plugin lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page. 1. Create a new post 2. Add an e-Learning block and upload a zip file 3. Select the "Insert As: Iframe" option 4. Intercept the reque...
PT-2024-16653 · Mozilla +1 · Firefox +1
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 126 Description: A malicious website could include an iframe with a malformed URI, resulting in a non-exploitable browser crash. Recommendations: For Firefox versions prior to 126, update to version 126 or later to...
RHEL 7 : thunderbird (RHSA-2023:1401)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1401 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.9.0. Security Fixes: Mozilla:...
mediatheque.crans-montana.ch IFRAME Injection vulnerability OBB-3921938
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-47774 WordPress Jetpack plugin < 12.7 - Auth. Iframe Injection vulnerability
Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking. This issue affects Jetpack: from n/a before 12.7...
Stored Cross-site Scripting (XSS) in excalidraw's web embed component
Summary A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. Poc Inserting an embed with the below url can be copy/pasted onto canvas to insert as embed will log 42 to the console:...
CVE-2024-32472
The CVE-2024-32472 entry details a stored XSS in Excalidraw’s web embeddable component. Two vectors exist: (1) untrusted content rendered as an iframe srcdoc without proper HTML sanitization, and (2) improper sanitization against attribute HTML injection, exacerbated by allow-same-origin in the s...
PT-2024-24599 · Unknown · Excalidraw
Name of the Vulnerable Software and Affected Versions: Excalidraw versions 0.16.x through 0.17.5 Excalidraw version 0.16.3 and earlier Description: A stored XSS vulnerability in Excalidraw's web embeddable component allows arbitrary JavaScript to be run in the context of the domain where the edit...
keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS
A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origi...
CVE-2024-32079
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a through 2024.2...
CVE-2024-32079
CVE-2024-32079 affects the Advanced iFrame WordPress plugin. The Connected Wordfence entry specifies an authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode in Advanced iFrame (