5125 matches found
Code injection
When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...
UBUNTU-CVE-2023-3482
When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...
CVE-2023-3482
When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...
CVE-2023-3482
The CVE-2023-3482 issue affects Mozilla Firefox prior to version 115, where blocking all cookies does not prevent data exfiltration via localStorage using an iframe with src='about:blank'. This allows a malicious site to store tracking data in the local storage without permission, representing an...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an information disclosure vulnerability that originates from the use of an iframe with an 'about:blank' source to store data in local memory, which can be exploited by an...
The vulnerability in the isolated iframe of the Google Chrome browser allows a perpetrator to circumvent existing restrictions on file downloads.
The vulnerability in the isolated iframe environment of Google Chrome relates to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to circumvent existing restrictions on file downloads by using a specially created HTML page...
CVE-2023-29436
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Flyn San IFrame Shortcode plugin = 1.0.5 versions...
CVE-2023-29436
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Flyn San IFrame Shortcode plugin = 1.0.5 versions...
Cross site scripting
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Flyn San IFrame Shortcode plugin = 1.0.5 versions...
CVE-2023-29436 WordPress IFrame Shortcode Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Flyn San IFrame Shortcode plugin = 1.0.5 versions...
CVE-2023-29436 WordPress IFrame Shortcode Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Flyn San IFrame Shortcode plugin = 1.0.5 versions...
CVE-2023-29436
CVE-2023-29436 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Flyn San IFrame Shortcode” (Flynsarmy iframe shortcodes) affecting versions ≤ 1.0.5. The issue requires authenticated access (Contributor+), and exploit occurs via the plugin’s shortcode handling, enablin...
PT-2023-22260 · WordPress · Flyn San Iframe Shortcode
Name of the Vulnerable Software and Affected Versions: Flyn San IFrame Shortcode plugin versions 1.0.5 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects users with contributor or higher permissions. This allows for malicious scripts to b...
WordPress Plugin Flyn San IFrame Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2023-7510 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 120.0.6099.62 Description: The issue is related to an inappropriate implementation in the Web Browser UI, allowing a remote attacker to potentially spoof the contents of an iframe dialog context menu via a...
WordPress Simple Iframe Plugin < 1.2.0 is vulnerable to Cross Site Scripting (XSS)
Software Simple Iframe Type Plugin Vulnerable versions 1.2.0 Fixed in 1.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2964 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 0a6a1d288d08 Credits Jihoon Lee Required...
Simple Iframe < 1.2.0 - Contributor+ Stored XSS
The plugin does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks. POST /wp-json/wp/v2/posts/60?locale=user HTTP/1.1 Host: 127.0.0.1 Content-Length: 378 sec-ch-ua:...
Simple Iframe < 1.2.0 - Contributor+ Stored XSS
The plugin does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks. PoC POST /wp-json/wp/v2/posts/60?locale=user HTTP/1.1 Host: 127.0.0.1 Content-Length: 378...
Discourse 3.1.x < 3.1.0.beta5 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescriptio...
Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry
Two "dangerous" security vulnerabilities have been disclosed in Microsoft Azure Bastion and Azure Container Registry that could have been exploited to carry out cross-site scripting XSS attacks. "The vulnerabilities allowed unauthorized access to the victim's session within the compromised Azure...