
5125 matches found

Prion
added 2023/07/05 10:15 a.m. · 15 views

Code injection

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...

CVSS 4.3 · AI score 5.8 · EPSS 0.0048
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/07/05 10:15 a.m. · 0 views

UBUNTU-CVE-2023-3482

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...

CVSS 6.5 · AI score 6.8 · EPSS 0.0048
Exploits 0 · References 6

Vulnrichment
added 2023/07/05 9:1 a.m. · 13 views

CVE-2023-3482

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox 115...

AI score 6.4 · EPSS 0.0048
Exploits 0 · References 3

CVE
added 2023/07/05 9:1 a.m. · 120 views

CVE-2023-3482

The CVE-2023-3482 issue affects Mozilla Firefox prior to version 115, where blocking all cookies does not prevent data exfiltration via localStorage using an iframe with src='about:blank'. This allows a malicious site to store tracking data in the local storage without permission, representing an...

CVSS 6.5 · AI score 6.4 · EPSS 0.0048
Exploits 0 · References 3 · Affected Software 1

CNNVD
added 2023/07/05 12:0 a.m. · 3 views

Mozilla Firefox security vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an information disclosure vulnerability that originates from the use of an iframe with an 'about:blank' source to store data in local memory, which can be exploited by an...

CVSS 6.5 · AI score 5.8 · EPSS 0.0048
Exploits 0 · References 6

BDU FSTEC
added 2023/06/30 12:0 a.m. · 10 views

The vulnerability in the isolated iframe of the Google Chrome browser allows a perpetrator to circumvent existing restrictions on file downloads.

The vulnerability in the isolated iframe environment of Google Chrome relates to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to circumvent existing restrictions on file downloads by using a specially created HTML page...

CVSS 7.8 · AI score 6.8 · EPSS 0.00595
Exploits 0 · References 8 · Affected Software 4

OSV
added 2023/06/26 11:15 a.m. · 5 views

CVE-2023-29436

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flyn San IFrame Shortcode plugin <= 1.0.5 versions...

CVSS 5.4 · AI score 7.3 · EPSS 0.00361
Exploits 0 · References 1

NVD
added 2023/06/26 11:15 a.m. · 14 views

CVE-2023-29436

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flyn San IFrame Shortcode plugin <= 1.0.5 versions...

CVSS 6.5 · AI score 5.8 · EPSS 0.00361
Exploits 0 · References 1

Prion
added 2023/06/26 11:15 a.m. · 21 views

Cross site scripting

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flyn San IFrame Shortcode plugin <= 1.0.5 versions...

CVSS 4.9 · AI score 5.2 · EPSS 0.00361
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/06/26 10:46 a.m. · 13 views

CVE-2023-29436 WordPress IFrame Shortcode Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flyn San IFrame Shortcode plugin <= 1.0.5 versions...

CVSS 6.5 · AI score 5.6 · EPSS 0.00361
Exploits 0 · References 1

Cvelist
added 2023/06/26 10:46 a.m. · 23 views

CVE-2023-29436 WordPress IFrame Shortcode Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flyn San IFrame Shortcode plugin <= 1.0.5 versions...

CVSS 6.5 · AI score 6 · EPSS 0.00361
Exploits 0 · References 1

CVE
added 2023/06/26 10:46 a.m. · 49 views

CVE-2023-29436

CVE-2023-29436 is a stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin “Flyn San IFrame Shortcode” (Flynsarmy iframe shortcodes) affecting versions ≤ 1.0.5. The issue requires authenticated access (Contributor+), and exploit occurs via the plugin’s shortcode handling, enablin...

CVSS 6.5 · AI score 5.4 · EPSS 0.00361
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/06/26 12:0 a.m. · 4 views

PT-2023-22260 · WordPress · Flyn San Iframe Shortcode

Name of the Vulnerable Software and Affected Versions: Flyn San IFrame Shortcode plugin versions 1.0.5 and earlier. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects users with contributor or higher permissions. This allows for malicious scripts to b...

CVSS 6.5 · AI score 5.5 · EPSS 0.00361
Exploits 0 · References 3

CNNVD
added 2023/06/26 12:0 a.m. · 3 views

WordPress Plugin Flyn San IFrame Shortcode cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 6.5 · AI score 6.6 · EPSS 0.00361
Exploits 0 · References 2

Positive Technologies
added 2023/06/24 12:0 a.m. · 19 views

PT-2023-7510 · Google +3 · Google Chrome +3

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 120.0.6099.62. Description: The issue is related to an inappropriate implementation in the Web Browser UI, allowing a remote attacker to potentially spoof the contents of an iframe dialog context menu via a...

CVSS 9.8 · AI score 6.2 · EPSS 0.99739
Exploits 128 · References 1112

Patchstack
added 2023/06/22 12:0 a.m. · 19 views

WordPress Simple Iframe Plugin < 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software: Simple Iframe. Type: Plugin. Vulnerable versions: < 1.2.0. Fixed in: 1.2.0. OWASP Top 10: A7: Cross-Site Scripting (XSS). Classification: Cross Site Scripting (XSS). CVE: CVE-2023-2964. Patch priority: Medium. CVSS severity: Medium (6.5). PSID: 0a6a1d288d08. Credits: Jihoon Lee. Required...

CVSS 5.4 · AI score 5.6 · EPSS 0.00452
Exploits 2 · References 3 · Affected Software 1

wpexploit
added 2023/06/19 12:0 a.m. · 167 views

Simple Iframe < 1.2.0 - Contributor+ Stored XSS

The plugin does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks. POST /wp-json/wp/v2/posts/60?locale=user HTTP/1.1 Host: 127.0.0.1 Content-Length: 378 sec-ch-ua:...

CVSS 5.4 · AI score 8.6 · EPSS 0.00452
Exploits 2

WPVulnDB
added 2023/06/19 12:0 a.m. · 26 views

Simple Iframe < 1.2.0 - Contributor+ Stored XSS

The plugin does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks. PoC POST /wp-json/wp/v2/posts/60?locale=user HTTP/1.1 Host: 127.0.0.1 Content-Length: 378...

CVSS 5.4 · AI score 8.4 · EPSS 0.00452
Exploits 2 · Affected Software 1

OpenVAS
added 2023/06/15 12:0 a.m. · 17 views

Discourse 3.1.x < 3.1.0.beta5 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:discourse:discourse"; ifdescriptio...

CVSS 5.4 · AI score 4.9 · EPSS 0.00399
Exploits 0 · References 3

The Hacker News
added 2023/06/14 1:41 p.m. · 4 views

Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry

Two "dangerous" security vulnerabilities have been disclosed in Microsoft Azure Bastion and Azure Container Registry that could have been exploited to carry out cross-site scripting (XSS) attacks. "The vulnerabilities allowed unauthorized access to the victim's session within the compromised Azure...

AI score 6.3
Exploits 0