5125 matches found

Positive Technologies
added 2023/12/21 12:0 a.m. · 5 views

PT-2023-31656 · Unknown · Terrier Tenacity Iframe Shortcode

Name of the Vulnerable Software and Affected Versions: Terrier Tenacity iframe Shortcode versions n/a through 2.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This affects the iframe...

6.5 CVSS · 6 AI score · 0.00321 EPSS
Exploits: 0 · References: 5

CNNVD
added 2023/12/21 12:0 a.m. · 5 views

WordPress plugin iframe Shortcode Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.5 CVSS · 6.1 AI score · 0.00321 EPSS
Exploits: 0 · References: 2

BDU FSTEC
added 2023/12/21 12:0 a.m. · 5 views

The vulnerability in the isolated iframe environment of Mozilla Firefox allows a perpetrator to circumvent existing security restrictions.

The vulnerability in the isolated iframe environment of Mozilla Firefox is related to data interpretation errors. Exploiting this vulnerability can allow a remote attacker to bypass existing security restrictions...

3.1 CVSS · 6.8 AI score · 0.00555 EPSS
Exploits: 0 · References: 8 · Affected Software: 3

UbuntuCve
added 2023/12/20 12:0 a.m. · 19 views

CVE-2023-6869

A dialog element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox 121...

6.5 CVSS · 6.7 AI score · 0.00555 EPSS
Exploits: 0 · References: 5

OSV
added 2023/12/20 12:0 a.m. · 2 views

UBUNTU-CVE-2023-6869

A dialog element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox 121...

6.5 CVSS · 7.3 AI score · 0.00555 EPSS
Exploits: 0 · References: 6

NVD
added 2023/12/19 2:15 p.m. · 21 views

CVE-2023-6869

A dialog element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox 121...

6.5 CVSS · 0.00555 EPSS
Exploits: 0 · References: 3

AlpineLinux
added 2023/12/19 2:15 p.m. · 33 views

CVE-2023-6869

A dialog element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox 121...

6.5 CVSS · 6.5 AI score · 0.00555 EPSS
Exploits: 0

Prion
added 2023/12/19 2:15 p.m. · 22 views

Code injection

A dialog element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox 121...

4.3 CVSS · 6.3 AI score · 0.00555 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2023/12/19 1:38 p.m. · 28 views

CVE-2023-6869

A dialog element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox 121...

7 AI score · 0.00555 EPSS
Exploits: 0 · References: 3

CVE
added 2023/12/19 1:38 p.m. · 121 views

CVE-2023-6869

CVE-2023-6869 affects Mozilla Firefox older than 121. The issue arises when a dialog element could be manipulated to render content outside a sandboxed iframe, allowing untrusted content to masquerade as trusted content. Impact per sources is user-facing trust bypass with potential to display misleadin...

6.5 CVSS · 6.5 AI score · 0.00555 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Debian CVE
added 2023/12/19 1:38 p.m. · 27 views

CVE-2023-6869

A dialog element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox 121...

6.5 CVSS · 8.2 AI score · 0.00555 EPSS
Exploits: 0

Vulnrichment
added 2023/12/19 1:38 p.m. · 6 views

CVE-2023-6869

A dialog element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox 121...

5.8 AI score · 0.00555 EPSS
Exploits: 0 · References: 3

Mozilla
added 2023/12/19 12:0 a.m. · 151 views

Security Vulnerabilities fixed in Firefox 121 — Mozilla

The WebGL DrawElementsInstanced method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. Multiple NSS NIST curves were susceptible to a side-channel attack known as...

8.8 CVSS · 9.1 AI score · 0.20472 EPSS
Exploits: 0 · References: 18 · Affected Software: 1

Patchstack
added 2023/12/19 12:0 a.m. · 12 views

WordPress iframe Shortcode Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)

Software: iframe Shortcode; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-50825; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: faeae13e0cdd; Credits: LVT-tholv2k; Required privilege: Contributo...

6.5 CVSS · 6.6 AI score · 0.00321 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2023/12/13 12:0 a.m. · 9 views

WordPress Advanced iFrame Plugin <= 2023.8 is vulnerable to Cross Site Scripting (XSS)

Software: Advanced iFrame; Type: Plugin; Vulnerable versions: <= 2023.8; Fixed in: 2023.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4775; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 533ab95811dc; Credits: István Márton; Required...

6.4 CVSS · 5.7 AI score · 0.00558 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

CNVD
added 2023/12/11 12:0 a.m. · 6 views

Squidex cross-site scripting vulnerability (CNVD-2023-9750454)

Squidex is a headless CMS and content management center. A cross-site scripting vulnerability exists in Squidex versions prior to 7.9.0, which stems from the presence of an incomplete blacklist in the SVG check, and can be exploited by an attacker to conduct a cross-site scripting attack via the...

5.4 CVSS · 6.1 AI score · 0.00569 EPSS
Exploits: 1 · References: 1

Tenable Nessus
added 2023/12/11 12:0 a.m. · 35 views

FreeBSD : chromium -- multiple security fixes (4405e9ad-97fe-11ee-86bb-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 4405e9ad-97fe-11ee-86bb-a8a1599412c6 advisory. - Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote...

8.8 CVSS · 7.2 AI score · 0.01286 EPSS
Exploits: 0 · References: 7

Openbugbounty
added 2023/12/07 7:6 a.m. · 9 views

miamiartzine.com IFRAME Injection vulnerability OBB-3805210

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

NVD
added 2023/12/07 6:15 a.m. · 17 views

CVE-2023-46857

Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for...

5.4 CVSS · 0.00569 EPSS
Exploits: 1 · References: 3

ATTACKERKB
added 2023/12/07 6:15 a.m. · 5 views

CVE-2023-46857

Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for...

5.4 CVSS · 6 AI score · 0.00569 EPSS
Exploits: 1 · References: 4