5125 matches found

Packet Storm
added 2023/09/08 12:0 a.m. · 420 views

WordPress Elementor Iframe Injection

Exploit Title: Wordpress Plugin Elementor 3.5.5 - Iframe Injection Date: 28.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://elementor.com/ Version: 3.5.5 Tested on: Google and Firefox latest version CVE : CVE-2022-4953 1. Description The plugin does not filter out user-controlle...

CVSS 6.1 · AI score 7.1 · EPSS 0.02027
Exploits: 5

Exploit DB
added 2023/09/08 12:0 a.m. · 482 views

Wordpress Plugin Elementor 3.5.5 - Iframe Injection

Exploit Title: Wordpress Plugin Elementor 3.5.5 - Iframe Injection Date: 28.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://elementor.com/ Version: 3.5.5 Tested on: Google and Firefox latest version CVE : CVE-2022-4953 1. Description The plugin does not filter out user-controlle...

CVSS 6.1 · AI score 6.5 · EPSS 0.02027
Exploits: 5

BDU FSTEC
added 2023/09/07 12:0 a.m. · 4 views

The vulnerability of the Iframe Dialog and Media Embed functions in CKEditor’s WYSIWYG editor allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the Iframe Dialog and Media Embed functions in the CKEditor WYSIWYG editor is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...

CVSS 6.4 · AI score 7.2 · EPSS 0.00725
Exploits: 0 · References: 6 · Affected Software: 1

OSV
added 2023/08/25 11:15 a.m. · 6 views

CVE-2023-24394

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions...

CVSS 4.8 · AI score 7.3 · EPSS 0.00369
Exploits: 0 · References: 1

NVD
added 2023/08/25 11:15 a.m. · 13 views

CVE-2023-24394

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions...

CVSS 5.9 · AI score 5.4 · EPSS 0.00369
Exploits: 0 · References: 1

CVE
added 2023/08/25 10:23 a.m. · 42 views

CVE-2023-24394

CVE-2023-24394 is a stored XSS vulnerability in the WordPress plugin iframe-popup (Gopi Ramasamy) for versions

CVSS 5.9 · AI score 5 · EPSS 0.00369
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/08/25 10:23 a.m. · 11 views

CVE-2023-24394 WordPress iframe popup Plugin <= 3.3 is vulnerable to Cross Site Scripting (XSS)

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions...

CVSS 5.9 · AI score 5.6 · EPSS 0.00369
Exploits: 0 · References: 1

CNNVD
added 2023/08/25 12:0 a.m. · 5 views

WordPress plugin iframe cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 5.9 · AI score 6.4 · EPSS 0.00369
Exploits: 0 · References: 3

BDU FSTEC
added 2023/08/16 12:0 a.m. · 5 views

The vulnerability in the isolated iframe environment of Google Chrome allows a perpetrator to bypass existing security restrictions and gain unauthorized access to protected information.

The vulnerability in the isolated iframe environment of Google Chrome relates to the use of an untrusted intermediate policy file. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and gain unauthorized access to protected information through a...

CVSS 5 · AI score 5.4 · EPSS 0.00538
Exploits: 1 · References: 5 · Affected Software: 2

OpenVAS
added 2023/08/15 12:0 a.m. · 29 views

WordPress Elementor Website Builder Plugin < 3.5.5 Iframe Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:elementor:websitebuilder"; ifdescription...

CVSS 6.1 · AI score 6.9 · EPSS 0.02027
Exploits: 5 · References: 1

Cvelist
added 2023/08/14 7:10 p.m. · 26 views

CVE-2022-4953 Elementor < 3.5.5 - Iframe Injection

The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs...

AI score 6.3 · EPSS 0.02027
Exploits: 5 · References: 2

NVD
added 2023/08/09 7:15 p.m. · 13 views

CVE-2022-48603

A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVSS 8.8 · AI score 8.9 · EPSS 0.00608
Exploits: 0 · References: 1

OSV
added 2023/08/09 7:15 p.m. · 3 views

CVE-2022-48603

A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVSS 8.8 · AI score 5.9 · EPSS 0.00608
Exploits: 0 · References: 1

Prion
added 2023/08/09 7:15 p.m. · 15 views

SQL injection

A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVSS 6.5 · AI score 8.8 · EPSS 0.00608
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/08/09 6:34 p.m. · 17 views

CVE-2022-48603

A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user‐controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database...

CVSS 8.8 · AI score 9.1 · EPSS 0.00608
Exploits: 0 · References: 1

CNNVD
added 2023/08/09 12:0 a.m. · 4 views

ScienceLogic SL1 SQL injection vulnerability

ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...

CVSS 8.8 · AI score 8.1 · EPSS 0.00608
Exploits: 0 · References: 2

Veracode
added 2023/08/06 11:24 p.m. · 27 views

Information Disclosure

chromium is vulnerable to Information Disclosure. The vulnerability exists due to inappropriate implementation in iFrame Sandbox in Google Chrome which allows a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 4.3 · AI score 4.8 · EPSS 0.00538
Exploits: 1 · References: 5 · Affected Software: 1

Veracode
added 2023/08/06 5:30 p.m. · 24 views

Denial Of Service (DoS)

firefox and thunderbird are vulnerable to Denial of Service (DoS) attacks. This vulnerability occurs due to a missing activation delay on the error page for sites with invalid TLS certificates. An attacker can exploit this vulnerability by creating a malicious website that contains a crafted iframe...

CVSS 3.1 · AI score 6.6 · EPSS 0.00897
Exploits: 0 · References: 7 · Affected Software: 3

Positive Technologies
added 2023/08/05 12:0 a.m. · 13 views

PT-2023-6795 · Apple +6 · Safari +7

Name of the Vulnerable Software and Affected Versions: Safari versions prior to 17 Description: This issue is related to improved iframe sandbox enforcement. An attacker with JavaScript execution may be able to execute arbitrary code. The vulnerability is also associated with the WPE WebKit and...

CVSS 10 · AI score 7.6 · EPSS 0.29179
Exploits: 3 · References: 220

NVD
added 2023/07/29 12:15 a.m. · 26 views

CVE-2022-4908

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3 · AI score 4.5 · EPSS 0.00538
Exploits: 1 · References: 4