
5125 matches found

CVE
added 2024/01/05 11:13 a.m. · 51 views

CVE-2023-52125

CVE-2023-52125 refers to a stored XSS vulnerability in the WordPress iframe plugin, exploitable via the iframe shortcode’s srcdoc handling. The issue is described as an authenticated Stored Cross-Site Scripting vulnerability (via srcdoc) affecting iframe users up to version 4.8, with a patch indi...

6.5 CVSS · 6.7 AI score · 0.00328 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2024/01/05 12:0 a.m. · 3 views

PT-2024-14422 · Unknown · Webvitaly Iframe

Name of the Vulnerable Software and Affected Versions: webvitaly iframe versions n/a through 4.8. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For webvitaly...

6.5 CVSS · 6 AI score · 0.00328 EPSS
Exploits 0 · References 4
CNNVD
added 2024/01/05 12:0 a.m. · 13 views

WordPress Plugin iframe Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.5 CVSS · 6 AI score · 0.00328 EPSS
Exploits 0 · References 2
Veracode
added 2024/01/04 10:26 a.m. · 20 views

Cross-site Scripting (XSS)

tinymce is vulnerable to Cross-Site Scripting. The vulnerability is due to a lack of proper sanitization for iframe, object and embed URL attributes within the TinyMCE's core parser. This allows an attacker to insert a specially crafted piece of content into the editor using the clipboard or APIs...

6.1 CVSS · 6.9 AI score · 0.01165 EPSS
Exploits 1 · References 5 · Affected Software 2
WPVulnDB
added 2024/01/04 12:0 a.m. · 20 views

iFrame < 4.9 - Contributor+ Stored XSS

Description: The plugin does not sanitise and escape the srcdoc parameter, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, however given that the malicious JS is limited to the scope of the iframe, there is no practical way to make users su...

6.5 CVSS · 5.8 AI score · 0.00328 EPSS
Exploits 0 · References 1 · Affected Software 1
Tenable Nessus
added 2024/01/03 12:0 a.m. · 36 views

SUSE SLED15: WebKitGTK-4.0-lang / WebKitGTK-4.1-lang / WebKitGTK-6.0-lang / etc (SUSE-SU-2024:0004-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0004-1 advisory. - CVE-2023-42890: Fixed processing malicious web content may lead to arbitrary code execution...

8.8 CVSS · 7.3 AI score · 0.03609 EPSS
Exploits 0 · References 18
Openbugbounty
added 2023/12/30 1:48 a.m. · 16 views

members.infotracer.com IFRAME Injection vulnerability OBB-3826339

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0
OSV
added 2023/12/29 12:15 p.m. · 4 views

CVE-2023-41814

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting XSS. Through an HTML payload iframe tag it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This...

6.1 CVSS · 5.8 AI score · 0.0026 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/12/29 12:0 a.m. · 4 views

PT-2023-28111 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 774. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows an attacker to carry out XSS attacks when a user opens...

6.1 CVSS · 5.8 AI score · 0.0026 EPSS
Exploits 0 · References 5
Patchstack
added 2023/12/28 12:0 a.m. · 15 views

WordPress iFrame Plugin <= 4.8 is vulnerable to Cross Site Scripting (XSS)

Software: iFrame; Type: Plugin; Vulnerable versions: <= 4.8; Fixed in: 4.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-52125; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: eecbc6285d96; Credits: LVT-tholv2k; Required privilege: Contributor; Publishe...

6.5 CVSS · 6.6 AI score · 0.00328 EPSS
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2023/12/27 12:0 a.m. · 8 views

WordPress Advanced iFrame Plugin <= 2023.8 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced iFrame; Type: Plugin; Vulnerable versions: <= 2023.8; Fixed in: 2023.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-51690; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: c667cf5c8ba9; Credits: LVT-tholv2k; Required privilege...

6.5 CVSS · 6.6 AI score · 0.00307 EPSS
Exploits 0 · References 2 · Affected Software 1
Veracode
added 2023/12/25 2:48 a.m. · 26 views

Information Exposure

Firefox is vulnerable to Information Exposure. The vulnerability is caused due to a element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content...

6.5 CVSS · 7.1 AI score · 0.00555 EPSS
Exploits 0 · References 4 · Affected Software 1
Openbugbounty
added 2023/12/23 11:1 a.m. · 9 views

weborder.husqvarna.com IFRAME Injection vulnerability OBB-3820722

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0
SUSE CVE
added 2023/12/23 2:42 a.m. · 2 views

SUSE CVE-2023-6869

A dialog element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox 121...

6.5 CVSS · 8.5 AI score · 0.00555 EPSS
Exploits 0 · References 4
Openbugbounty
added 2023/12/22 9:44 a.m. · 12 views

weborder.husqvarna.com IFRAME Injection vulnerability OBB-3819805

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0
Tenable Nessus
added 2023/12/22 12:0 a.m. · 27 views

CentOS 7 : thunderbird (RHSA-2023:1401)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1401 advisory. - Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a...

8.8 CVSS · 8.2 AI score · 0.00713 EPSS
Exploits 0 · References 6
OSV
added 2023/12/21 3:15 p.m. · 4 views

CVE-2023-50825

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS. This issue affects iframe Shortcode: from n/a through 2.0...

5.4 CVSS · 7.3 AI score · 0.00321 EPSS
Exploits 0 · References 1
Prion
added 2023/12/21 3:15 p.m. · 15 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS. This issue affects iframe Shortcode: from n/a through 2.0...

4.9 CVSS · 6.9 AI score · 0.00321 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/12/21 2:44 p.m. · 24 views

CVE-2023-50825 WordPress iframe Shortcode Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS. This issue affects iframe Shortcode: from n/a through 2.0...

6.5 CVSS · 6.6 AI score · 0.00321 EPSS
Exploits 0 · References 1
CVE
added 2023/12/21 2:44 p.m. · 71 views

CVE-2023-50825

CVE-2023-50825 describes a stored cross-site scripting (XSS) flaw in the WordPress plugin/component named iframe Shortcode. The Initial Description states that this is an XSS in the iframe Shortcode and the vulnerability affects versions up to 2.0. The Connected Documents provide no additional te...

6.5 CVSS · 6.7 AI score · 0.00321 EPSS
Exploits 0 · References 1 · Affected Software 1