
5125 matches found

Prion
added 2023/11/14 6:15 a.m. | 13 views

Design/Logic Flaw

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component...

CVSS 4.9 | AI score 7.4 | EPSS 0.00464
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2023/11/14 12:0 a.m. | 34 views

CVE-2023-45879

CVE-2023-45879 affects GibbonEdu Gibbon 25.0.0, where the Messager component is vulnerable to HTML Injection via an IFRAME element. The description across multiple connected sources confirms the flaw but does not provide specific remediation details in the supplied documents. CVSS data from NVD i...

CVSS 5.4 | AI score 5.6 | EPSS 0.00464
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/11/14 12:0 a.m. | 10 views

CVE-2023-45879

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component...

AI score 7.1 | EPSS 0.00464
Exploits: 1 | References: 1

CNNVD
added 2023/11/14 12:0 a.m. | 3 views

Gibbon Security Vulnerabilities

Gibbon is a school platform that solves real-world problems that educators encounter every day. GibbonEdu Gibbon version 25.0.0 has a security vulnerability that allows HTML to be injected into the Messager component via the IFRAME element...

CVSS 5.4 | AI score 6.7 | EPSS 0.00464
Exploits: 1 | References: 2

OSV
added 2023/11/13 8:15 a.m. | 2 views

CVE-2023-4775

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advancediframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 5.4 | AI score 6 | EPSS 0.00558
Exploits: 0 | References: 4

Cvelist
added 2023/11/13 7:31 a.m. | 26 views

CVE-2023-4775 Advanced iFrame <= 2023.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advancediframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | AI score 5.8 | EPSS 0.00558
Exploits: 0 | References: 4

CNNVD
added 2023/11/13 12:0 a.m. | 4 views

WordPress plugin Advanced iFrame security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.4 | AI score 6.7 | EPSS 0.00558
Exploits: 0 | References: 5

Tenable Nessus
added 2023/11/07 12:0 a.m. | 15 views

Fedora 39 : ckeditor (2023-426b3a500d)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-426b3a500d advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...

CVSS 6.1 | AI score 7 | EPSS 0.00725
Exploits: 0 | References: 2

OSV
added 2023/11/07 12:0 a.m. | 29 views

ALSA-2023:6508 Moderate: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

CVSS 7.8 | AI score 6.9 | EPSS 0.65692
Exploits: 2 | References: 10

Tenable Nessus
added 2023/11/07 12:0 a.m. | 37 views

Rocky Linux 8 : firefox (RLSA-2022:0130)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0130 advisory. - It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR 91.5, Firefox...

CVSS 10 | AI score 7.8 | EPSS 0.0134
Exploits: 6 | References: 25

Tenable Nessus
added 2023/11/07 12:0 a.m. | 23 views

Rocky Linux 8 : thunderbird (RLSA-2022:6708)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6708 advisory. - When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specifi...

CVSS 8.8 | AI score 8.2 | EPSS 0.01342
Exploits: 0 | References: 21

Tenable Nessus
added 2023/11/06 12:0 a.m. | 30 views

Rocky Linux 8 : thunderbird (RLSA-2023:0463)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0463 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox...

CVSS 8.8 | AI score 8.3 | EPSS 0.00892
Exploits: 0 | References: 17

WPVulnDB
added 2023/11/03 12:0 a.m. | 14 views

iframe forms <= 1.0 - Contributor+ Stored Cross-Site Scripting

Description The plugin does not properly sanitize and escape the 'iframe' shortcode. This leads to the possibility of stored Cross-Site Scripting where arbitrary web scripts can be injected into pages...

CVSS 6.4 | AI score 5.7 | EPSS 0.00403
Exploits: 1 | References: 1

Tenable Nessus
added 2023/11/01 12:0 a.m. | 32 views

SUSE SLED15: WebKitGTK-4.0-lang / WebKitGTK-4.1-lang / WebKitGTK-6.0-lang / etc (SUSE-SU-2023:4294-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4294-1 advisory. This update for webkit2gtk3 ships missing Lang packages to SUSE Linux Enterprise 15 SP4 and SP5...

CVSS 8.8 | AI score 8.2 | EPSS 0.29179
Exploits: 3 | References: 24

OSV
added 2023/10/31 12:15 p.m. | 5 views

CVE-2023-5073

The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

CVSS 5.4 | AI score 7 | EPSS 0.00403
Exploits: 1 | References: 2

NVD
added 2023/10/31 12:15 p.m. | 27 views

CVE-2023-5073

The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

CVSS 6.4 | AI score 5.7 | EPSS 0.00403
Exploits: 1 | References: 2

Prion
added 2023/10/31 12:15 p.m. | 22 views

Cross site scripting

The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

CVSS 4.9 | AI score 5.3 | EPSS 0.00403
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/10/31 11:29 a.m. | 2 views

CVE-2023-5073 iframe forms <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframe Shortcode

The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...

CVSS 6.4 | AI score 6.8 | EPSS 0.00403
Exploits: 1 | References: 2

CVE
added 2023/10/31 11:29 a.m. | 62 views

CVE-2023-5073

CVE-2023-5073 concerns the WordPress plugin “iframe forms.” The vulnerability is a Stored Cross‑Site Scripting (XSS) via the iframe shortcode in versions up to and including 1.0, caused by insufficient input sanitization and output escaping. An attacker with Contributor level or higher authentica...

CVSS 6.4 | AI score 5.3 | EPSS 0.00403
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2023/10/31 12:0 a.m. | 5 views

WordPress Plugin iframe forms cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 6.4 | AI score 5.9 | EPSS 0.00403
Exploits: 1 | References: 3