5125 matches found

Cvelist
added 2024/05/16 3:50 p.m. · 23 views

CVE-2024-34805 WordPress iframe plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly iFrame allows Stored XSS. This issue affects iFrame: from n/a through 5.0...

6.5 CVSS · 6.9 AI score · 0.0026 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2024/05/16 3:50 p.m. · 14 views

CVE-2024-34805 WordPress iframe plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webvitaly iFrame allows Stored XSS. This issue affects iFrame: from n/a through 5.0...

6.5 CVSS · 6.8 AI score · 0.0026 EPSS
Exploits: 0 · References: 1
CVE
added 2024/05/16 3:50 p.m. · 58 views

CVE-2024-34805

CVE-2024-34805 is a stored XSS in the Webvitaly iFrame plugin (WordPress). The root cause is improper neutralization of input during web page generation, enabling stored cross-site scripting in iFrame output. Affected range is iFrame: from n/a through 5.0. Public feeds indicate this vulnerabilit...

6.5 CVSS · 6.6 AI score · 0.0026 EPSS
Exploits: 0 · References: 1
CNNVD
added 2024/05/16 12:0 a.m. · 3 views

WordPress Plugin iFrame Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.5 CVSS · 6 AI score · 0.0026 EPSS
Exploits: 0 · References: 2
Patchstack
added 2024/05/14 9:35 a.m. · 4 views

WordPress iframe plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Byeongjun Jo (Patchstack Alliance) in WordPress Plugin iFrame versions <= 5.0...

6.5 CVSS · 6.1 AI score · 0.0026 EPSS
Exploits: 0 · Affected Software: 1
WPVulnDB
added 2024/05/14 12:0 a.m. · 23 views

Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Iframe Injection

Description: The plugin lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page. PoC: 1. Create a new post 2. Add an e-Learning block and upload a zip file 3. Select the "Insert As: Iframe" option 4. Intercept the...

5.4 CVSS · 6.6 AI score · 0.00202 EPSS
Exploits: 2 · References: 1
Patchstack
added 2024/05/14 12:0 a.m. · 9 views

WordPress iFrame Plugin <= 5.0 is vulnerable to Cross Site Scripting (XSS)

Software: iFrame · Type: Plugin · Vulnerable versions: <= 5.0 · Fixed in: 5.1 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-34805 · Patch priority: Low · CVSS severity: Low (6.5) · PSID: 3924012615ac · Credits: Byeongjun Jo · Required privilege: Contributor · Publish...

6.5 CVSS · 6.6 AI score · 0.0026 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
wpexploit
added 2024/05/14 12:0 a.m. · 189 views

Insert or Embed Articulate Content into WordPress <= 4.3000000023 - Iframe Injection

Description: The plugin lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page. 1. Create a new post 2. Add an e-Learning block and upload a zip file 3. Select the "Insert As: Iframe" option 4. Intercept the reque...

5.4 CVSS · 6.8 AI score · 0.00202 EPSS
Exploits: 2 · References: 1
Positive Technologies
added 2024/05/14 12:0 a.m. · 1 views

PT-2024-16653 · Mozilla +1 · Firefox +1

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 126. Description: A malicious website could include an iframe with a malformed URI, resulting in a non-exploitable browser crash. Recommendations: For Firefox versions prior to 126, update to version 126 or later to...

6.5 CVSS · 6.7 AI score · 0.00389 EPSS
Exploits: 0 · References: 13
Tenable Nessus
added 2024/04/28 12:0 a.m. · 17 views

RHEL 7 : thunderbird (RHSA-2023:1401)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1401 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.9.0. Security Fixes: Mozilla:...

8.8 CVSS · 8 AI score · 0.00713 EPSS
Exploits: 0 · References: 12
Openbugbounty
added 2024/04/25 5:41 p.m. · 15 views

mediatheque.crans-montana.ch IFRAME Injection vulnerability OBB-3921938

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
Vulnrichment
added 2024/04/24 3:58 p.m. · 18 views

CVE-2023-47774 WordPress Jetpack plugin < 12.7 - Auth. Iframe Injection vulnerability

Improper Restriction of Rendered UI Layers or Frames vulnerability in Automattic Jetpack allows Clickjacking. This issue affects Jetpack: from n/a before 12.7...

5.4 CVSS · 6.9 AI score · 0.00272 EPSS
Exploits: 0 · References: 1
Github Security Blog
added 2024/04/17 9:32 p.m. · 32 views

Stored Cross-site Scripting (XSS) in excalidraw's web embed component

Summary: A stored XSS vulnerability in Excalidraw's web embeddable component. This allows arbitrary JavaScript to be run in the context of the domain where the editor is hosted. PoC: Inserting an embed with the below url can be copy/pasted onto canvas to insert as embed will log 42 to the console:...

6.1 CVSS · 5.8 AI score · 0.00561 EPSS
Exploits: 0 · References: 5 · Affected Software: 1
CVE
added 2024/04/17 9:23 p.m. · 73 views

CVE-2024-32472

The CVE-2024-32472 entry details a stored XSS in Excalidraw’s web embeddable component. Two vectors exist: (1) untrusted content rendered as an iframe srcdoc without proper HTML sanitization, and (2) improper sanitization against attribute HTML injection, exacerbated by allow-same-origin in the s...

6.1 CVSS · 6.1 AI score · 0.00561 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2024/04/17 12:0 a.m. · 5 views

PT-2024-24599 · Unknown · Excalidraw

Name of the Vulnerable Software and Affected Versions: Excalidraw versions 0.16.x through 0.17.5; Excalidraw version 0.16.3 and earlier. Description: A stored XSS vulnerability in Excalidraw's web embeddable component allows arbitrary JavaScript to be run in the context of the domain where the edit...

6.1 CVSS · 6.6 AI score · 0.00561 EPSS
Exploits: 0 · References: 9
RedHat Linux
added 2024/04/16 8:4 p.m. · 11 views

keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origi...

7.4 CVSS · 5.7 AI score · 0.00448 EPSS
Exploits: 0 · References: 4
RedHat Linux
added 2024/04/16 7:55 p.m. · 8 views

keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origi...

7.4 CVSS · 5.7 AI score · 0.00448 EPSS
Exploits: 0 · References: 4
RedHat Linux
added 2024/04/16 7:55 p.m. · 2 views

keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkLoginIframe leads to DDoS

A flaw was found in Keycloak's OIDC component in the "checkLoginIframe," which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the application's availability without proper origi...

7.4 CVSS · 5.7 AI score · 0.00448 EPSS
Exploits: 0 · References: 4
NVD
added 2024/04/15 7:15 a.m. · 17 views

CVE-2024-32079

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a through 2024.2...

6.5 CVSS · 6.4 AI score · 0.00339 EPSS
Exploits: 0 · References: 1
CVE
added 2024/04/15 7:9 a.m. · 61 views

CVE-2024-32079

CVE-2024-32079 affects the Advanced iFrame WordPress plugin. The Connected Wordfence entry specifies an authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode in Advanced iFrame (

6.5 CVSS · 5.2 AI score · 0.00339 EPSS
Exploits: 0 · References: 1