5125 matches found
PT-2023-31627 · WordPress · Iframe Forms Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: iframe forms plugin for WordPress versions up to, and including, 1.0 Description: The issue is related to Stored Cross-Site Scripting via the 'iframe' shortcode due to insufficient input sanitization and output escaping. This allows...
Feedback button iframe should be sandboxed
h3. Issue Summary When feedback button is clicked in Jira top navigation bar, it loads an iframe with content from jira.atlassian.com. Iframe doesn't have sandbox attribute which may be seen as a potential vulnerability. IFrame sandboxing enables a set of additional restrictions for the content...
WordPress iframe forms Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software iframe forms Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5073 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1839edf7170f Credits István Márton Required privileg...
Apple Safari Security Update (HT213638)
Apple Safari is multiple vulnerabilities SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:safari"; ifdescription...
CVE-2023-5718
The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource i.e. a locally accessible file or sensitive website, and registering a listener on the web...
Code injection
The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource i.e. a locally accessible file or sensitive website, and registering a listener on the web...
PT-2023-32289 · Unknown · Vue.Js Devtools Extension
Name of the Vulnerable Software and Affected Versions: Vue.js Devtools extension affected versions not specified Description: The Vue.js Devtools extension leaks screenshot data back to a malicious web page via the standard postMessage API. This occurs when a malicious web page with an iFrame...
CVE-2023-5071
The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekitiframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above...
CVE-2023-4919
The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, ...
CVE-2023-4919
The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, ...
CVE-2023-4919 iframe <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode
The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, ...
CVE-2023-4919
The provided sources confirm CVE-2023-4919: the WordPress iframe plugin is vulnerable to Stored XSS via the iframe shortcode in versions up to and including 4.6 due to insufficient input sanitization and output escaping. Attack requires contributor-level privileges or higher and affects pages ren...
CVE-2023-4919 iframe <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'iframe' Shortcode
The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the iframe shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, ...
WordPress Plugin iframe Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
LinkedIn: Stored XSS on LinkedIn App via iframe tag in Article
A stored cross-site scripting vulnerability was found in the LinkedIn mobile application that allowed JavaScript code to be executed when viewing specially crafted articles containing iframe tags. The issue was resolved after receiving the report...
CVE-2023-5103
Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe...
CVE-2023-5103
Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe...
Input validation
Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe...
CVE-2023-5103
Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe...
PT-2023-31744 · Sick · Sick Apu Rdt400
Name of the Vulnerable Software and Affected Versions: SICK APU RDT400 affected versions not specified Description: The issue allows an unprivileged remote attacker to potentially reveal sensitive information by tricking a user into clicking on an actionable item using an iframe. This is due to...