Lucene search
K

5125 matches found

OSV
OSV
added 2024/02/01 4:15 a.m.3 views

CVE-2023-7069

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.4CVSS7.4AI score0.00315EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/02/01 4:15 a.m.3 views

CVE-2023-7069

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.5CVSS5.6AI score0.00315EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/01 12:0 a.m.4 views

PT-2024-15197 · WordPress · Advanced Iframe

Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions up to, and including, 2023.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'advanced iframe' shortcode due to insufficient input sanitization and output escapi...

6.4CVSS5.5AI score0.00315EPSS
Exploits0References7
Patchstack
Patchstack
added 2024/02/01 12:0 a.m.9 views

WordPress Advanced iFrame Plugin <= 2023.10 is vulnerable to Cross Site Scripting (XSS)

Software Advanced iFrame Type Plugin Vulnerable versions = 2023.10 Fixed in 2024.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7069 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a79bcd48a9fe Credits Webbernaut Required...

6.4CVSS5.7AI score0.00315EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/02/01 12:0 a.m.12 views

Advanced iFrame < 2024.0 - Contributor+ Stored XSS

Description The plugin does not validate and escape some of its advancediframe shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

4.9CVSS6.1AI score0.00315EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/02/01 12:0 a.m.3 views

WordPress plugin Advanced iFrame cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.5CVSS6.1AI score0.00307EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/01/31 7:11 a.m.2 views

Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set

The Mozilla Foundation Security Advisory describes this flaw as: When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...

6.5CVSS7.3AI score0.006EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/01/31 7:10 a.m.5 views

Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set

The Mozilla Foundation Security Advisory describes this flaw as: When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...

6.5CVSS7.3AI score0.006EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/01/31 12:0 a.m.3 views

WordPress plugin Advanced iFrame 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Advanced iFrame, which stems from insufficient input cleanup and output escapi...

6.4CVSS6AI score0.00315EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/01/30 4:12 p.m.4 views

Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set

The Mozilla Foundation Security Advisory describes this flaw as: When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...

6.5CVSS7.3AI score0.006EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/01/30 4:12 p.m.4 views

Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set

The Mozilla Foundation Security Advisory describes this flaw as: When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...

6.5CVSS7.3AI score0.006EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/01/30 3:25 p.m.2 views

Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set

The Mozilla Foundation Security Advisory describes this flaw as: When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...

6.5CVSS7.3AI score0.006EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/01/30 3:24 p.m.4 views

Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set

The Mozilla Foundation Security Advisory describes this flaw as: When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...

6.5CVSS7.3AI score0.006EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/01/30 2:55 p.m.1 views

Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set

The Mozilla Foundation Security Advisory describes this flaw as: When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...

6.5CVSS7.3AI score0.006EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/01/30 2:55 p.m.9 views

Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set

The Mozilla Foundation Security Advisory describes this flaw as: When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...

6.5CVSS7.3AI score0.006EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/01/30 2:23 p.m.4 views

Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set

The Mozilla Foundation Security Advisory describes this flaw as: When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...

6.5CVSS7.3AI score0.006EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/01/30 2:22 p.m.3 views

Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set

The Mozilla Foundation Security Advisory describes this flaw as: When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...

6.5CVSS7.3AI score0.006EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/01/30 2:22 p.m.4 views

Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set

The Mozilla Foundation Security Advisory describes this flaw as: When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...

6.5CVSS7.3AI score0.006EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/01/30 2:22 p.m.3 views

Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set

The Mozilla Foundation Security Advisory describes this flaw as: When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...

6.5CVSS7.3AI score0.006EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/01/30 2:20 p.m.1 views

Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set

The Mozilla Foundation Security Advisory describes this flaw as: When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...

6.5CVSS7.3AI score0.006EPSS
Exploits0References6
Rows per page
Query Builder