Lucene search
5125 matches found

Positive Technologies
added 2023/10/31 12:0 a.m. · 5 views

PT-2023-31627 · WordPress · Iframe Forms Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: iframe forms plugin for WordPress versions up to, and including, 1.0
Description: The issue is related to Stored Cross-Site Scripting via the 'iframe' shortcode due to insufficient input sanitization and output escaping. This allows...

CVSS 6.4 · AI score 5.4 · EPSS 0.00403
Exploits 1 · References 5

Atlassian
added 2023/10/30 1:26 p.m. · 28 views

Feedback button iframe should be sandboxed

Issue Summary: When feedback button is clicked in Jira top navigation bar, it loads an iframe with content from jira.atlassian.com. Iframe doesn't have sandbox attribute which may be seen as a potential vulnerability. IFrame sandboxing enables a set of additional restrictions for the content...

AI score 7.4
Exploits 0 · Affected Software 1

Patchstack
added 2023/10/30 12:0 a.m. · 13 views

WordPress iframe forms Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)

Software: iframe forms; Type: Plugin; Vulnerable versions: = 1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting XSS; Classification: Cross Site Scripting XSS; CVE: CVE-2023-5073; Patch priority: Low; CVSS severity: Low 6.5; Developer: Claim ownership; PSID: 1839edf7170f; Credits: István Márton; Required privileg...

CVSS 6.4 · AI score 5.7 · EPSS 0.00403
Exploits 1 · References 2 · Affected Software 1

OpenVAS
added 2023/10/27 12:0 a.m. · 24 views

Apple Safari Security Update (HT213638)

Apple Safari is multiple vulnerabilities SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari"; ifdescription...

CVSS 8.8 · AI score 8.3 · EPSS 0.09502
Exploits 1 · References 3

OSV
added 2023/10/23 3:15 p.m. · 3 views

CVE-2023-5718

The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource i.e. a locally accessible file or sensitive website, and registering a listener on the web...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 1

Prion
added 2023/10/23 3:15 p.m. · 17 views

Code injection

The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource i.e. a locally accessible file or sensitive website, and registering a listener on the web...

CVSS 4.3 · AI score 4.7 · EPSS 0.00248
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2023/10/23 12:0 a.m. · 4 views

PT-2023-32289 · Unknown · Vue.Js Devtools Extension

Name of the Vulnerable Software and Affected Versions: Vue.js Devtools extension, affected versions not specified
Description: The Vue.js Devtools extension leaks screenshot data back to a malicious web page via the standard postMessage API. This occurs when a malicious web page with an iFrame...

CVSS 4.3 · AI score 4.4 · EPSS 0.00248
Exploits 1 · References 4

OSV
added 2023/10/20 7:15 a.m. · 1 views

CVE-2023-5071

The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekitiframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above...

CVSS 5.4 · AI score 5.9 · EPSS 0.00413
Exploits 0 · References 3

NVD
added 2023/10/20 7:15 a.m. · 13 views

CVE-2023-4919

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, ...

CVSS 6.4 · AI score 5.7 · EPSS 0.00519
Exploits 1 · References 4

OSV
added 2023/10/20 7:15 a.m. · 3 views

CVE-2023-4919

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, ...

CVSS 5.4 · AI score 7 · EPSS 0.00519
Exploits 1 · References 4

Vulnrichment
added 2023/10/20 6:35 a.m. · 5 views

CVE-2023-4919 iframe <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, ...

CVSS 6.4 · AI score 6.8 · EPSS 0.00519
Exploits 1 · References 4

CVE
added 2023/10/20 6:35 a.m. · 53 views

CVE-2023-4919

The provided sources confirm CVE-2023-4919: the WordPress iframe plugin is vulnerable to Stored XSS via the iframe shortcode in versions up to and including 4.6 due to insufficient input sanitization and output escaping. Attack requires contributor-level privileges or higher and affects pages ren...

CVSS 6.4 · AI score 5.3 · EPSS 0.00519
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2023/10/20 6:35 a.m. · 16 views

CVE-2023-4919 iframe <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode

The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, ...

CVSS 6.4 · AI score 5.9 · EPSS 0.00519
Exploits 1 · References 4

CNNVD
added 2023/10/20 12:0 a.m. · 4 views

WordPress Plugin iframe Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 6.4 · AI score 6 · EPSS 0.00519
Exploits 1 · References 5

Hacker One
added 2023/10/17 11:52 a.m. · 19 views

LinkedIn: Stored XSS on LinkedIn App via iframe tag in Article

A stored cross-site scripting vulnerability was found in the LinkedIn mobile application that allowed JavaScript code to be executed when viewing specially crafted articles containing iframe tags. The issue was resolved after receiving the report...

AI score 6.2
Exploits 0

OSV
added 2023/10/09 1:15 p.m. · 4 views

CVE-2023-5103

Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe...

CVSS 4.3 · AI score 5.8 · EPSS 0.00452
Exploits 0 · References 3

NVD
added 2023/10/09 1:15 p.m. · 24 views

CVE-2023-5103

Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe...

CVSS 4.3 · AI score 4.5 · EPSS 0.00452
Exploits 0 · References 3

Prion
added 2023/10/09 1:15 p.m. · 18 views

Input validation

Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe...

CVSS 4.3 · AI score 4.6 · EPSS 0.00452
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2023/10/09 12:11 p.m. · 12 views

CVE-2023-5103

Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe...

CVSS 4.3 · AI score 6.6 · EPSS 0.00452
Exploits 0 · References 3

Positive Technologies
added 2023/10/09 12:0 a.m. · 5 views

PT-2023-31744 · Sick · Sick Apu Rdt400

Name of the Vulnerable Software and Affected Versions: SICK APU RDT400, affected versions not specified
Description: The issue allows an unprivileged remote attacker to potentially reveal sensitive information by tricking a user into clicking on an actionable item using an iframe. This is due to...

CVSS 4.3 · AI score 4.4 · EPSS 0.00452
Exploits 0 · References 6