5125 matches found
Fedora 38 : ckeditor (2023-79b5902a52)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-79b5902a52 advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...
Fedora 37 : ckeditor (2023-983ff03630)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-983ff03630 advisory. - 4.22.0/4.22.1 - 4.21.0 - GHSA-vh5c-xwqv-cv9g / CVE-2023-28439 - 4.20.2 - 4.20.1 Tenable has extracted the preceding description block directly from the...
SUSE CVE-2023-40451
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code...
CVE-2023-40451
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code...
DEBIAN-CVE-2023-40451
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code...
Code injection
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code...
CVE-2023-40451
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code...
UBUNTU-CVE-2023-40451
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code...
VulnCheck KEV: CVE-2021-23957
Navigations through the Android-specific intent URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 85...
VulnCheck KEV: CVE-2021-1801
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy...
Amazon Linux 2 : firefox (ALASFIREFOX-2023-007)
The version of firefox installed on the remote host is prior to 102.8.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-007 advisory. firefox-esr , thunderbird and nss only are affected by this package. CVE-2023-0767 The Mozilla Foundation Security...
CVE-2023-40451
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code...
CVE-2023-40451
CVE-2023-40451 affects WebKit/WebKitGTK and related Safari/WebKit components. Affected: iframe sandbox enforcement weakness that could let an attacker with JavaScript execution run arbitrary code. Public writeups confirm the fix in Safari 17; remediation is upgrading to Safari 17 or applying vend...
CVE-2023-40451
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code...
CVE-2023-40451
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code...
WordPress iFrame Plugin <= 4.6 is vulnerable to Cross Site Scripting (XSS)
Software iFrame Type Plugin Vulnerable versions = 4.6 Fixed in 4.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4919 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 2abd6971550b Credits Lana Codes & Alex Thomas - Wordfence...
Important: firefox
Issue Overview: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Mozilla developers and the Mozilla Fuzzing Team reporting memory safety bugs in Firefox 102. Some of these bugs showed evidence of memory corruption, and we presume that with enough effort...
Important: firefox
Issue Overview: Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian Holler, and Masayuki Nakano reported memory safety bugs present in Firefox 94. Some of these bugs showed evidence of memory corruption and we presume that with enough...
Important: firefox
Issue Overview: The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird 91.9. CVE-2022-29913 A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describe...
Wordpress Elementor 3.5.5 Plugin - Iframe Injection Vulnerability
Exploit Title: Wordpress Plugin Elementor 3.5.5 - Iframe Injection Exploit Author: Miguel Santareno Vendor Homepage: https://elementor.com/ Version: 3.5.5 Tested on: Google and Firefox latest version CVE : CVE-2022-4953 1. Description The plugin does not filter out user-controlled URLs from being...