5125 matches found
Design/Logic Flaw
GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component...
CVE-2023-45879
CVE-2023-45879 affects GibbonEdu Gibbon 25.0.0, where the Messager component is vulnerable to HTML Injection via an IFRAME element. The description across multiple connected sources confirms the flaw but does not provide specific remediation details in the supplied documents. CVSS data from NVD i...
CVE-2023-45879
GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component...
Gibbon Security Vulnerabilities
Gibbon is a school platform that solves real-world problems that educators encounter every day. A security vulnerability exists in GibbonEdu Gibbon version 25.0.0 that allows HTML to be injected into the Messager component via the IFRAME element...
CVE-2023-4775
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advancediframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-4775 Advanced iFrame <= 2023.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advancediframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress plugin Advanced iFrame security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Fedora 39 : ckeditor (2023-426b3a500d)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-426b3a500d advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...
ALSA-2023:6508 Moderate: libreoffice security update
LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...
Rocky Linux 8 : firefox (RLSA-2022:0130)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0130 advisory. - It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR 91.5, Firefox...
Rocky Linux 8 : thunderbird (RLSA-2022:6708)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6708 advisory. - When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specifi...
Rocky Linux 8 : thunderbird (RLSA-2023:0463)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0463 advisory. - An out of date library libusrsctp contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox...
iframe forms <= 1.0 - Contributor+ Stored Cross-Site Scripting
Description: The plugin does not properly sanitize and escape the 'iframe' shortcode. This leads to the possibility of stored Cross-Site Scripting where arbitrary web scripts can be injected into pages...
SUSE SLED15: WebKitGTK-4.0-lang / WebKitGTK-4.1-lang / WebKitGTK-6.0-lang / etc (SUSE-SU-2023:4294-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4294-1 advisory. This update for webkit2gtk3 ships missing Lang packages to SUSE Linux Enterprise 15 SP4 and SP5...
CVE-2023-5073
The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
CVE-2023-5073
The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
Cross site scripting
The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
CVE-2023-5073 iframe forms <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframe Shortcode
The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and...
CVE-2023-5073
CVE-2023-5073 concerns the WordPress plugin “iframe forms.” The vulnerability is a Stored Cross‑Site Scripting (XSS) via the iframe shortcode in versions up to and including 1.0, caused by insufficient input sanitization and output escaping. An attacker with Contributor level or higher authentica...
WordPress Plugin iframe forms cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...