5125 matches found

Vulnrichment
added 2024/04/15 7:9 a.m., 22 views

CVE-2024-32079 WordPress Advanced iFrame plugin <= 2024.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a through 2024.2...

CVSS: 6.5, AI score: 5.2, EPSS: 0.00339
Exploits: 0, References: 1

Cvelist
added 2024/04/15 7:9 a.m., 20 views

CVE-2024-32079 WordPress Advanced iFrame plugin <= 2024.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a through 2024.2...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00339
Exploits: 0, References: 1

Positive Technologies
added 2024/04/15 12:0 a.m., 5 views

PT-2024-24383 · Unknown · Advanced Iframe

Name of the Vulnerable Software and Affected Versions: Advanced iFrame versions n/a through 2024.2. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can inject...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00339
Exploits: 0, References: 4

CNNVD
added 2024/04/15 12:0 a.m., 4 views

WordPress Plugin Advanced iFrame cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00339
Exploits: 0, References: 2

OSV
added 2024/04/12 11:7 a.m., 5 views

OESA-2024-1405 mozjs78 security update

SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript. Security Fixes: When copying a network request from the developer tools panel as a curl command the output was n...

CVSS: 6.5, AI score: 8.8, EPSS: 0.00601
Exploits: 0, References: 3

Patchstack
added 2024/04/11 7:43 a.m., 6 views

WordPress Advanced iFrame plugin <= 2024.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Byeongjun Jo (Patchstack Alliance) in WordPress Plugin Advanced iFrame versions <= 2024.2...

CVSS: 6.5, AI score: 6.1, EPSS: 0.00339
Exploits: 0, Affected Software: 1

Patchstack
added 2024/04/11 12:0 a.m., 11 views

WordPress Advanced iFrame Plugin <= 2024.2 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced iFrame; Type: Plugin; Vulnerable versions: <= 2024.2; Fixed in: 2024.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-32079; Patch priority: Low; CVSS severity: Low (6.5); PSID: 10754c0bcfa4; Credits: Byeongjun Jo; Required privilege...

CVSS: 6.5, AI score: 6.6, EPSS: 0.00339
Exploits: 0, References: 2, Affected Software: 1

Veracode
added 2024/04/01 5:40 a.m., 27 views

Cross-Site Scripting (XSS)

TinyMCE is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper iframe restrictions, which allow an attacker to add an iframe element with malicious code that will execute upon insertion. Note that malicious code will be sandboxed due to same-origin browser protections...

CVSS: 4.3, AI score: 6.4, EPSS: 0.00722
Exploits: 0, References: 5, Affected Software: 2

OSV
added 2024/03/26 2:15 p.m., 3 views

UBUNTU-CVE-2024-29203

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00722
Exploits: 0, References: 4

Snyk
added 2024/03/26 1:40 p.m., 2 views

Cross-site Scripting (XSS)

Overview: TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via iframe elements inserted into the editor. Attacks are limited by same-origin browser protections, but downloading files is still possible...

CVSS: 6.1, AI score: 5.3, EPSS: 0.00722
Exploits: 0, References: 2

Cvelist
added 2024/03/26 1:23 p.m., 28 views

CVE-2024-29203 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by...

CVSS: 4.3, AI score: 4.8, EPSS: 0.00722
Exploits: 0, References: 4

CVE
added 2024/03/26 1:23 p.m., 76 views

CVE-2024-29203

TinyMCE contains a cross-site scripting (XSS) vulnerability in its content insertion code that can allow iframe elements to execute malicious scripts. The issue is mitigated by upgrading to TinyMCE v6.8.1 or newer; multiple advisories also note that patches and later versions (e.g., 7.0.0+) addre...

CVSS: 6.1, AI score: 4.3, EPSS: 0.00722
Exploits: 0, References: 4, Affected Software: 1

Vulnrichment
added 2024/03/26 1:23 p.m., 17 views

CVE-2024-29203 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by...

CVSS: 4.3, AI score: 6.3, EPSS: 0.00722
Exploits: 0, References: 4

OSV
added 2024/03/26 1:23 p.m., 19 views

CVE-2024-29203 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by...

CVSS: 4.3, AI score: 5, EPSS: 0.00722
Exploits: 0, References: 6

Debian CVE
added 2024/03/26 1:23 p.m., 19 views

CVE-2024-29203

Removed by vendor...

CVSS: 6.1, AI score: 5.1, EPSS: 0.00722
Exploits: 0

CNNVD
added 2024/03/26 12:0 a.m., 4 views

Tiny Technologies TinyMCE security vulnerability

Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. A security vulnerability exists in TinyMCE versions prior to 6.8.1, which stems from a cross-site scripting (XSS) vulnerability in the iframe element...

CVSS: 6.1, AI score: 5.4, EPSS: 0.00722
Exploits: 0, References: 7

OSV
added 2024/03/13 5:10 p.m., 11 views

CVE-2024-28196 Clickjacking in your_spotify

your_spotify is an open source, self-hosted Spotify tracking dashboard. YourSpotify version 1.9.0 does not prevent other pages from displaying it in an iframe and is thus vulnerable to clickjacking. Clickjacking can be used to trick an existing user of YourSpotify to trigger actions, such as...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00436
Exploits: 1, References: 3

OSV
added 2024/03/06 10:57 a.m., 24 views

BIT-DISCOURSE-2023-32061 Discourse Topic Creation Page Allows iFrame Tag without Restrictions

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other...

CVSS: 5.4, AI score: 5, EPSS: 0.00359
Exploits: 0, References: 2

OSV
added 2024/03/06 10:52 a.m., 14 views

BIT-DRUPAL-2022-25276

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00526
Exploits: 0, References: 2

OSV
added 2024/02/29 5:15 a.m., 2 views

CVE-2024-1341

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advancediframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additionaljs attribute. This makes it...

CVSS: 5.4, AI score: 7.4, EPSS: 0.00282
Exploits: 0, References: 2