5125 matches found
CVE-2024-32079 WordPress Advanced iFrame plugin <= 2024.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2024.2...
CVE-2024-32079 WordPress Advanced iFrame plugin <= 2024.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2024.2...
PT-2024-24383 · Unknown · Advanced Iframe
Name of the Vulnerable Software and Affected Versions: Advanced iFrame versions n/a through 2024.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can inject...
WordPress Plugin Advanced iFrame 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in...
OESA-2024-1405 mozjs78 security update
SpiderMonkey is the code-name for Mozilla Firefox's C++ implementation of JavaScript. It is intended to be embedded in other applications that provide host environments for JavaScript. Security Fixes: When copying a network request from the developer tools panel as a curl command the output was n...
WordPress Advanced iFrame plugin <= 2024.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Byeongjun Jo Patchstack Alliance in WordPress Plugin Advanced iFrame versions = 2024.2...
WordPress Advanced iFrame Plugin <= 2024.2 is vulnerable to Cross Site Scripting (XSS)
Software Advanced iFrame Type Plugin Vulnerable versions = 2024.2 Fixed in 2024.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32079 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 10754c0bcfa4 Credits Byeongjun Jo Required privilege...
Cross-Site Scripting (XSS)
TinyMCE is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper iframe restrictions, which allows an attacker add an iframe element with malicious code which will execute upon insertion. Note that malicious code will be sandboxed due to same-origin browser protections...
UBUNTU-CVE-2024-29203
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by...
Cross-site Scripting (XSS)
Overview TinyMCE is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via iframe elements inserted into the editor. Attacks are limited by same-origin browser protections, but downloading files is still possible...
CVE-2024-29203 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by...
CVE-2024-29203
TinyMCE contains a cross-site scripting (XSS) vulnerability in its content insertion code that can allow iframe elements to execute malicious scripts. The issue is mitigated by upgrading to TinyMCE v6.8.1 or newer; multiple advisories also note that patches and later versions (e.g., 7.0.0+) addre...
CVE-2024-29203 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by...
CVE-2024-29203 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by...
CVE-2024-29203
Removed by vendor...
Tiny Technologies TinyMCE 安全漏洞
Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, USA. A security vulnerability exists in TinyMCE versions prior to 6.8.1, which stems from a cross-site scripting XSS vulnerability in the iframe element...
CVE-2024-28196 Clickjacking in your_spotify
yourspotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version 1.9.0 does not prevent other pages from displaying it in an iframe and is thus vulnerable to clickjacking. Clickjacking can be used to trick an existing user of YourSpotify to trigger actions, such as...
BIT-DISCOURSE-2023-32061 Discourse Topic Creation Page Allows iFrame Tag without Restrictions
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other...
BIT-DRUPAL-2022-25276
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...
CVE-2024-1341
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advancediframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additionaljs attribute. This makes it...