WordPress Elementor Iframe Injection
Exploit Title: Wordpress Plugin Elementor 3.5.5 - Iframe Injection Date: 28.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://elementor.com/ Version: 3.5.5 Tested on: Google and Firefox latest version CVE : CVE-2022-4953 1. Description The plugin does not filter out user-controlle...
Wordpress Plugin Elementor 3.5.5 - Iframe Injection
Exploit Title: Wordpress Plugin Elementor 3.5.5 - Iframe Injection Date: 28.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://elementor.com/ Version: 3.5.5 Tested on: Google and Firefox latest version CVE : CVE-2022-4953 1. Description The plugin does not filter out user-controlle...
The vulnerability of the Iframe Dialog and Media Embed functions in CKEditor’s WYSIWYG editor allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the Iframe Dialog and Media Embed functions in the CKEditor WYSIWYG editor is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...
CVE-2023-24394
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions...
CVE-2023-24394
CVE-2023-24394 is a stored XSS vulnerability in the WordPress plugin iframe-popup (Gopi Ramasamy) for versions
CVE-2023-24394 WordPress iframe popup Plugin <= 3.3 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions...
WordPress plugin iframe cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
The vulnerability in the isolated iframe environment of Google Chrome allows a perpetrator to bypass existing security restrictions and gain unauthorized access to protected information.
The vulnerability in the isolated iframe environment of Google Chrome relates to the use of an untrusted intermediate policy file. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and gain unauthorized access to protected information through a...
WordPress Elementor Website Builder Plugin < 3.5.5 Iframe Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elementor:websitebuilder"; if(description)...
CVE-2022-4953 Elementor < 3.5.5 - Iframe Injection
The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs...
CVE-2022-48603
A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
SQL injection
A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...
ScienceLogic SL1 SQL injection vulnerability
ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...
Information Disclosure
Chromium is vulnerable to Information Disclosure. The vulnerability exists due to inappropriate implementation in iFrame Sandbox in Google Chrome, which allows a remote attacker to leak cross-origin data via a crafted HTML page...
Denial Of Service (DoS)
Firefox and Thunderbird are vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs due to a missing activation delay on the error page for sites with invalid TLS certificates. An attacker can exploit this vulnerability by creating a malicious website that contains a crafted iframe...
PT-2023-6795 · Apple +6 · Safari +7
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 17 Description: This issue is related to improved iframe sandbox enforcement. An attacker with JavaScript execution may be able to execute arbitrary code. The vulnerability is also associated with the WPE WebKit and...
CVE-2022-4908
Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...