5125 matches found

OSV
added 2023/07/29 12:15 a.m. | 29 views

CVE-2022-4908

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3 | AI score 5.1
Exploits 0 | References 4

OSV
added 2023/07/29 12:15 a.m. | 2 views

DEBIAN-CVE-2022-4908

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3 | AI score 4.8 | EPSS 0.00538
Exploits 1 | References 1

UbuntuCve
added 2023/07/29 12:15 a.m. | 40 views

CVE-2022-4908

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3 | AI score 5.9 | EPSS 0.00538
Exploits 1 | References 3

Prion
added 2023/07/29 12:15 a.m. | 27 views

Design/Logic Flaw

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.3 | AI score 4.2 | EPSS 0.00538
Exploits 1 | References 4 | Affected Software 1

CVE
added 2023/07/28 11:26 p.m. | 193 views

CVE-2022-4908

CVE-2022-4908 refers to an inappropriate implementation in Chrome/Chromium’s iFrame Sandbox that could leak cross-origin data via a crafted HTML page. Affected product is Google Chrome (and Chromium-based components); vulnerable component/behavior is the iFrame Sandbox. The root cause is an incor...

CVSS 4.3 | AI score 4.8 | EPSS 0.00538
Exploits 1 | References 4 | Affected Software 1

Cvelist
added 2023/07/28 11:26 p.m. | 38 views

CVE-2022-4908

Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

AI score 5.3 | EPSS 0.00538
Exploits 1 | References 4

wpexploit
added 2023/07/27 12:0 a.m. | 161 views

Bit Assist < 1.1.9 - Admin+ Stored Cross-Site Scripting

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. In the plugin's settings, click on...

CVSS 4.8 | AI score 4.8 | EPSS 0.00379
Exploits 2

Cvelist
added 2023/07/20 10:55 a.m. | 19 views

CVE-2023-37290 InfoDoc Document On-line Submission and Approval System - Server-Side Request Forgery (SSRF)

InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, allowing unauthenticated attackers to load remote or local resources through HTML tags such as iframe. This vulnerability allows...

CVSS 7.5 | AI score 7.8 | EPSS 0.00558
Exploits 0 | References 1

WPVulnDB
added 2023/07/19 12:0 a.m. | 159 views

Elementor < 3.5.5 - Iframe Injection

Description: The plugin does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs. PoC...

CVSS 6.1 | AI score 6.1 | EPSS 0.02027
Exploits 5 | References 1 | Affected Software 1

wpexploit
added 2023/07/19 12:0 a.m. | 384 views

Elementor < 3.5.5 - Iframe Injection

Description: The plugin does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs...

CVSS 6.1 | AI score 6.2 | EPSS 0.02027
Exploits 5 | References 1

OSV
added 2023/07/10 4:15 p.m. | 3 views

CVE-2023-2964

The Simple Iframe WordPress plugin before 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks...

CVSS 5.4 | AI score 7.3 | EPSS 0.00452
Exploits 2 | References 1

CVE
added 2023/07/10 12:40 p.m. | 46 views

CVE-2023-2964

The CVE-2023-2964 entry concerns the WordPress Simple Iframe plugin (vulnerable

CVSS 5.4 | AI score 5.5 | EPSS 0.00452
Exploits 2 | References 1 | Affected Software 1

Cvelist
added 2023/07/10 12:40 p.m. | 30 views

CVE-2023-2964 Simple Iframe < 1.2.0 - Contributor+ Stored XSS

The Simple Iframe WordPress plugin before 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks...

AI score 5.5 | EPSS 0.00452
Exploits 2 | References 1

Vulnrichment
added 2023/07/10 12:40 p.m. | 9 views

CVE-2023-2964 Simple Iframe < 1.2.0 - Contributor+ Stored XSS

The Simple Iframe WordPress plugin before 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks...

AI score 5.3 | EPSS 0.00452
Exploits 2 | References 1

CNNVD
added 2023/07/10 12:0 a.m. | 9 views

WordPress plugin Simple Iframe cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 5.4 | AI score 6.5 | EPSS 0.00452
Exploits 2 | References 2

Veracode
added 2023/07/09 8:12 a.m. | 26 views

Missing Authorization

Firefox is vulnerable to Missing Authorization. When storage of cookies is blocked, it is still possible to store data in local storage by using an iframe with an 'about:blank' source, resulting in websites being able to store data without permission...

CVSS 6.5 | AI score 6.5 | EPSS 0.0048
Exploits 0 | References 4 | Affected Software 2

SUSE CVE
added 2023/07/07 2:19 a.m. | 2 views

SUSE CVE-2023-3482

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...

CVSS 6.5 | AI score 6.2 | EPSS 0.0048
Exploits 0 | References 7

CNVD
added 2023/07/07 12:0 a.m. | 45 views

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in versions prior to Mozilla Firefox 110, which can be exploited by attackers to cause unexpected network requests from the operating system.

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an information disclosure vulnerability that originates from the use of an iframe with an 'about:blank' source to store data in local memory, which can be exploited by an...

CVSS 6.5 | AI score 6.1 | EPSS 0.0048
Exploits 0 | References 1

Huntr
added 2023/07/05 12:33 p.m. | 27 views

XSS vulnerabilities via various embeds

Description: JSFiddle, Gliffy, Otter and Tldraw embeds lack sufficient input validation. Every one of them can be abused to achieve a stored XSS on a main application domain. This XSS triggers for everyone viewing the document. Proof of Concept: PoC file is different for each vulnerable embed. See...

CVSS 4.9 | AI score 6.3 | EPSS 0.00429
Exploits 1

OSV
added 2023/07/05 10:15 a.m. | 3 views

CVE-2023-3482

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...

CVSS 6.5 | AI score 7.4 | EPSS 0.0048
Exploits 0 | References 3