Lucene search

5125 matches found

Prion
added 2024/02/29 5:15 a.m., 16 views

Cross site scripting

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advancediframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additionaljs attribute. This makes it...

CVSS 3.6, AI score 6, EPSS 0.00282
Exploits 0, References 2
Cvelist
added 2024/02/29 4:31 a.m., 22 views

CVE-2024-1341 Advanced iFrame <= 2024.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advancediframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additionaljs attribute. This makes it...

CVSS 4.9, AI score 4.9, EPSS 0.00282
Exploits 0, References 2
Patchstack
added 2024/02/29 12:0 a.m., 10 views

WordPress Advanced iFrame Plugin <= 2024.1 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced iFrame; Type: Plugin; Vulnerable versions: <= 2024.1; Fixed in: 2024.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-1341; Patch priority: Low; CVSS severity: Low (6.5); PSID: f4f416259347; Credits: Fariq Fadillah Gusti...

CVSS 5.4, AI score 5.7, EPSS 0.00282
Exploits 0, References 3, Affected Software 1
CNNVD
added 2024/02/29 12:0 a.m., 3 views

WordPress Plugin Advanced iFrame Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.4, AI score 5.8, EPSS 0.00282
Exploits 0, References 3
Tenable Nessus
added 2024/02/29 12:0 a.m., 16 views

CentOS 9 : libreoffice-7.1.8.1-11.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the libreoffice-7.1.8.1-11.el9 build changelog. - Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an...

CVSS 7.8, AI score 6.7, EPSS 0.65692
Exploits 2, References 4
Positive Technologies
added 2024/02/28 12:0 a.m., 4 views

PT-2024-17960 · WordPress · Advanced Iframe

Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions up to, and including, 2024.1 Description: The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advanced iframe shortcode. This vulnerability is du...

CVSS 5.4, AI score 5.8, EPSS 0.00282
Exploits 0, References 7
WPVulnDB
added 2024/02/28 12:0 a.m., 11 views

Advanced iFrame < 2024.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advancediframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additionaljs attribute...

CVSS 5.4, AI score 5.7, EPSS 0.00282
Exploits 0, References 1, Affected Software 1
Openbugbounty
added 2024/02/27 2:20 p.m., 12 views

schultemarineconcept.bs-shipmanagement.com IFRAME Injection vulnerability OBB-3860831

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
Snyk
added 2024/02/22 4:4 p.m., 3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when a request is made to a file via localhost, such as . By exploiting this vulnerability, an attacker can achieve local file inclusion, allowing of sensitive files read o...

CVSS 8.8, AI score 6.6, EPSS 0.00572
Exploits 0, References 2
Snyk
added 2024/02/20 2:13 p.m., 6 views

Cross-site Scripting (XSS)

Overview markdown-to-jsx is a lightweight, customizable React markdown component. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in...

CVSS 6.1, AI score 5.6, EPSS 0.00503
Exploits 1, References 2
OSV
added 2024/02/08 6:30 a.m., 14 views

GHSA-W275-M8CR-HF2V Liferay Portal denial-of-service vulnerability

The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a...

CVSS 5.3, AI score 5, EPSS 0.00569
Exploits 0, References 3
Github Security Blog
added 2024/02/08 6:30 a.m., 27 views

Liferay Portal denial-of-service vulnerability

The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a...

CVSS 6.5, AI score 6.2, EPSS 0.00569
Exploits 0, References 3, Affected Software 2
NVD
added 2024/02/08 4:15 a.m., 15 views

CVE-2024-25144

The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a...

CVSS 6.5, AI score 4.7, EPSS 0.00569
Exploits 0, References 1
OSV
added 2024/02/08 4:15 a.m., 27 views

CVE-2024-25144

The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a...

CVSS 6.5, AI score 6.4, EPSS 0.00569
Exploits 0, References 1
Prion
added 2024/02/08 4:15 a.m., 26 views

Design/Logic Flaw

The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a...

CVSS 4, AI score 6.7, EPSS 0.00569
Exploits 0, References 1, Affected Software 2
Vulnrichment
added 2024/02/08 3:25 a.m., 17 views

CVE-2024-25144

The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a...

CVSS 4.1, AI score 6.4, EPSS 0.00569
Exploits 0, References 1
Cvelist
added 2024/02/08 3:25 a.m., 19 views

CVE-2024-25144

The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a...

CVSS 4.1, AI score 6.3, EPSS 0.00569
Exploits 0, References 1
CVE
added 2024/02/08 3:25 a.m., 65 views

CVE-2024-25144

The CVE-2024-25144 issue affects Liferay Portal and Liferay DXP via the IFrame widget: when rendering iframes, the URL is not validated, enabling an authenticated remote user to trigger a denial-of-service (DoS) by self-referencing the IFrame. Affected versions include Portal 7.2.0–7.4.3.26 and L...

CVSS 6.5, AI score 6.1, EPSS 0.00569
Exploits 0, References 1, Affected Software 3
Positive Technologies
added 2024/02/08 12:0 a.m., 5 views

PT-2024-20777 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.3.26 Liferay DXP 7.4 before update 27 Liferay DXP 7.3 before update 6 Liferay DXP 7.2 before fix pack 19 Description: The issue is related to the IFrame widget, which does not check the URL of the...

CVSS 6.5, AI score 6.9, EPSS 0.00569
Exploits 0, References 8
VulnCheck KEV
added 2024/02/08 12:0 a.m., 3 views

VulnCheck KEV: CVE-2013-0213

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element...

CVSS 5.1, AI score 6.9, EPSS 0.03248
Exploits 0, References 1