Lucene search

5125 matches found

OSV
added 2023/12/07 6:15 a.m., 12 views

CVE-2023-46857

Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for...

5.4 CVSS, 5.7 AI score
Exploits: 0, References: 3
Prion
added 2023/12/07 6:15 a.m., 11 views

Design/Logic Flaw

Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for...

4.9 CVSS, 5.9 AI score, 0.00569 EPSS
Exploits: 1, References: 3, Affected Software: 1
SUSE CVE
added 2023/12/07 2:7 a.m., 2 views

SUSE CVE-2023-6512

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. Chromium security severity: Low...

6.5 CVSS, 8.4 AI score, 0.01286 EPSS
Exploits: 0, References: 4
CNNVD
added 2023/12/07 12:0 a.m., 4 views

squidex cross-site scripting vulnerability

squidex is a Headless CMS and content management center. A cross-site scripting vulnerability exists in Squidex versions prior to 7.9.0, which stems from the presence of an incomplete blacklist in the SVG check, and can be exploited by an attacker to conduct a cross-site scripting attack via the...

5.4 CVSS, 5.3 AI score, 0.00569 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2023/12/07 12:0 a.m., 45 views

Microsoft Edge (Chromium) < 120.0.2210.61 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.61. It is, therefore, affected by multiple vulnerabilities as referenced in the December 7, 2023 advisory. - Microsoft Edge Chromium-based Elevation of Privilege Vulnerability CVE-2023-35618 - Microsoft Edge...

9.6 CVSS, 7.1 AI score, 0.02925 EPSS
Exploits: 1, References: 17
NVD
added 2023/12/06 2:15 a.m., 19 views

CVE-2023-6512

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. Chromium security severity: Low...

6.5 CVSS, 0.01286 EPSS
Exploits: 0, References: 6
OSV
added 2023/12/06 2:15 a.m., 7 views

DEBIAN-CVE-2023-6512

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. Chromium security severity: Low...

6.5 CVSS, 6.9 AI score, 0.01286 EPSS
Exploits: 0, References: 1
OSV
added 2023/12/06 2:15 a.m., 14 views

CVE-2023-6512

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. Chromium security severity: Low...

6.5 CVSS, 5 AI score
Exploits: 0, References: 6
Prion
added 2023/12/06 2:15 a.m., 26 views

Design/Logic Flaw

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. Chromium security severity: Low...

4.3 CVSS, 6 AI score, 0.01286 EPSS
Exploits: 0, References: 6, Affected Software: 3
Vulnrichment
added 2023/12/06 1:19 a.m., 4 views

CVE-2023-6512

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. Chromium security severity: Low...

5.7 AI score, 0.01286 EPSS
Exploits: 0, References: 6
Cvelist
added 2023/12/06 1:19 a.m., 22 views

CVE-2023-6512

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. Chromium security severity: Low...

6.6 AI score, 0.01286 EPSS
Exploits: 0, References: 6
Debian CVE
added 2023/12/06 1:19 a.m., 29 views

CVE-2023-6512

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. Chromium security severity: Low...

6.5 CVSS, 6.5 AI score, 0.01286 EPSS
Exploits: 0
CVE
added 2023/12/06 1:19 a.m., 142 views

CVE-2023-6512

The CVE-2023-6512 issue affects Google Chrome’s Web Browser UI, where an inappropriate implementation in the UI could allow a remote attacker to spoof the contents of an iframe dialog context menu via a crafted HTML page. Affected product/versions include Chrome prior to 120.0.6099.62. The underl...

6.5 CVSS, 6.2 AI score, 0.01286 EPSS
Exploits: 0, References: 6, Affected Software: 2
UbuntuCve
added 2023/12/06 12:0 a.m., 24 views

CVE-2023-6512

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. Chromium security severity: Low...

6.5 CVSS, 6.8 AI score, 0.01286 EPSS
Exploits: 0, References: 3
Openbugbounty
added 2023/12/04 1:47 p.m., 11 views

eurovoyages.net IFRAME Injection vulnerability OBB-3802516

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0
WPVulnDB
added 2023/11/24 12:0 a.m., 8 views

iframe < 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode

Description: The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission...

6.4 CVSS, 5.8 AI score, 0.00519 EPSS
Exploits: 1, References: 1, Affected Software: 1
WPVulnDB
added 2023/11/24 12:0 a.m., 27 views

Jetpack < 12.7 - Authenticated (Contributor+) Clickjacking via Iframe Injection

Description: The Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress is vulnerable to Clickjacking via iframe injection due to an unknown parameter in all versions up to and including 12.6.2 due to insufficient input sanitization and output escaping. This makes it possible for...

7 AI score, 0.00272 EPSS
Exploits: 0, References: 1, Affected Software: 1
AlpineLinux
added 2023/11/21 3:15 p.m., 19 views

CVE-2023-6210

When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs. This vulnerability affects Firefox 120...

6.5 CVSS, 6.2 AI score, 0.00614 EPSS
Exploits: 0
Tenable Nessus
added 2023/11/16 12:0 a.m., 41 views

Oracle Linux 9 : webkit2gtk3 (ELSA-2023-6535)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6535 advisory. 2.40.5-1 - Update to 2.40.5 Related: 2176270 2.40.4-1 - Update to 2.40.4 Related: 2176270 2.40.3-2 - Disable JIT Related: 2176270 2.40.3-1 - Update to...

9.8 CVSS, 7.1 AI score, 0.01521 EPSS
Exploits: 0, References: 19
OSV
added 2023/11/14 6:15 a.m., 10 views

CVE-2023-45879

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component...

5.4 CVSS, 7 AI score
Exploits: 0, References: 1