CVE-2023-52125
CVE-2023-52125 refers to a stored XSS vulnerability in the WordPress iframe plugin, exploitable via the iframe shortcode’s srcdoc handling. The issue is described as an authenticated Stored Cross-Site Scripting vulnerability (via srcdoc) affecting iframe users up to version 4.8, with a patch indi...
PT-2024-14422 · Unknown · Webvitaly Iframe
Name of the Vulnerable Software and Affected Versions: webvitaly iframe versions n/a through 4.8. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For webvitaly...
WordPress Plugin iframe Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
Cross-site Scripting (XSS)
tinymce is vulnerable to Cross-Site Scripting. The vulnerability is due to a lack of proper sanitization for iframe, object and embed URL attributes within TinyMCE's core parser. This allows an attacker to insert a specially crafted piece of content into the editor using the clipboard or APIs...
iFrame < 4.9 - Contributor+ Stored XSS
Description: The plugin does not sanitise and escape the srcdoc parameter, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. However, given that the malicious JS is limited to the scope of the iframe, there is no practical way to make users su...
SUSE SLED15: WebKitGTK-4.0-lang / WebKitGTK-4.1-lang / WebKitGTK-6.0-lang / etc (SUSE-SU-2024:0004-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0004-1 advisory. - CVE-2023-42890: Fixed processing malicious web content may lead to arbitrary code execution...
members.infotracer.com IFRAME Injection vulnerability OBB-3826339
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-41814
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload iframe tag it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This...
PT-2023-28111 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 774. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows an attacker to carry out XSS attacks when a user opens...
WordPress iFrame Plugin <= 4.8 is vulnerable to Cross Site Scripting (XSS)
Software: iFrame; Type: Plugin; Vulnerable versions: <= 4.8; Fixed in: 4.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-52125; Patch priority: Low; CVSS severity: Low (6.5); PSID: eecbc6285d96; Credits: LVT-tholv2k; Required privilege: Contributor; Publishe...
WordPress Advanced iFrame Plugin <= 2023.8 is vulnerable to Cross Site Scripting (XSS)
Software: Advanced iFrame; Type: Plugin; Vulnerable versions: <= 2023.8; Fixed in: 2023.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-51690; Patch priority: Low; CVSS severity: Low (6.5); PSID: c667cf5c8ba9; Credits: LVT-tholv2k; Required privilege...
Information Exposure
Firefox is vulnerable to Information Exposure. The vulnerability arises because a dialog element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content...
weborder.husqvarna.com IFRAME Injection vulnerability OBB-3820722
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE CVE-2023-6869
A dialog element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox 121...
weborder.husqvarna.com IFRAME Injection vulnerability OBB-3819805
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CentOS 7 : thunderbird (RHSA-2023:1401)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1401 advisory. - Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a...
CVE-2023-50825
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS. This issue affects iframe Shortcode: from n/a through 2.0...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS. This issue affects iframe Shortcode: from n/a through 2.0...
CVE-2023-50825 WordPress iframe Shortcode Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS. This issue affects iframe Shortcode: from n/a through 2.0...
CVE-2023-50825
CVE-2023-50825 describes a stored cross-site scripting (XSS) flaw in the WordPress plugin/component named iframe Shortcode. The Initial Description states that this is an XSS in the iframe Shortcode and the vulnerability affects versions up to 2.0. The Connected Documents provide no additional te...