
5125 matches found

The Hacker News
added 2023/06/14 1:41 p.m. · 40 views

Severe Vulnerabilities Reported in Microsoft Azure Bastion and Container Registry

Two "dangerous" security vulnerabilities have been disclosed in Microsoft Azure Bastion and Azure Container Registry that could have been exploited to carry out cross-site scripting (XSS) attacks. "The vulnerabilities allowed unauthorized access to the victim's session within the compromised Azure...

6.6 AI score
Exploits: 0
NVD
added 2023/06/13 10:15 p.m. · 22 views

CVE-2023-32061

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other...

5.4 CVSS · 5.3 AI score · 0.00359 EPSS
Exploits: 0 · References: 1
Prion
added 2023/06/13 10:15 p.m. · 19 views

Design/Logic Flaw

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other...

5 CVSS · 5.1 AI score · 0.00359 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/06/13 9:16 p.m. · 7 views

CVE-2023-32061 Discourse Topic Creation Page Allows iFrame Tag without Restrictions

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other...

5.4 CVSS · 6.9 AI score · 0.00359 EPSS
Exploits: 0 · References: 1
Cvelist
added 2023/06/13 9:16 p.m. · 34 views

CVE-2023-32061 Discourse Topic Creation Page Allows iFrame Tag without Restrictions

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other...

5.4 CVSS · 5.5 AI score · 0.00359 EPSS
Exploits: 0 · References: 1
CVE
added 2023/06/13 9:16 p.m. · 53 views

CVE-2023-32061

Discourse prior to v3.0.4 (stable) and v3.1.0.beta5 (beta/tests-passed) is vulnerable to iframe tag restriction bypass, allowing an attacker to hide subsequent comments. Root cause: lack of restrictions on the iframe tag in topic creation. Patched in v3.0.4 (stable) and v3.1.0.beta5 (beta/tests-p...

5.4 CVSS · 5.1 AI score · 0.00359 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2023/06/13 9:16 p.m. · 26 views

CVE-2023-32061 Discourse Topic Creation Page Allows iFrame Tag without Restrictions

Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other...

5.4 CVSS · 5.2 AI score · 0.00359 EPSS
Exploits: 0 · References: 3
Tenable Nessus
added 2023/06/13 12:0 a.m. · 44 views

Amazon Linux 2 : webkitgtk4 (ALAS-2023-2088)

The version of webkitgtk4 installed on the remote host is prior to 2.38.5-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2088 advisory. 2024-08-28: CVE-2022-22620 was added to this advisory. 2024-08-14: CVE-2022-32893 was added to this advisory. A logic...

9.8 CVSS · 7.5 AI score · 0.34574 EPSS
Exploits: 14 · References: 205
Positive Technologies
added 2023/06/13 12:0 a.m. · 5 views

PT-2023-23575 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.4 Discourse versions prior to 3.1.0.beta5 Description: The issue is related to the lack of restrictions on the iFrame tag, which makes it easy for an attacker to exploit and hide subsequent comments from other...

5.4 CVSS · 5.1 AI score · 0.00359 EPSS
Exploits: 0 · References: 7
CNNVD
added 2023/06/13 12:0 a.m. · 3 views

Discourse Security Vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse prior to 3.0.4 stable, 3.1.0.beta5, which stems from the topic creation page allowing unrestricted iFrame markup...

5.4 CVSS · 5.7 AI score · 0.00359 EPSS
Exploits: 0 · References: 1
Ubuntu
added 2023/06/07 5:13 a.m. · 67 views

USN-6144-1: LibreOffice vulnerabilities

It was discovered that LibreOffice did not properly validate the number of parameters passed to the formula interpreter, leading to an array index underflow attack. If a user were tricked into opening a specially crafted spreadsheet file, an attacker could possibly use this issue to execute...

7.8 CVSS · 7.1 AI score · 0.02244 EPSS
Exploits: 2
OSV
added 2023/06/07 5:13 a.m. · 3 views

USN-6144-1 libreoffice vulnerabilities

It was discovered that LibreOffice did not properly validate the number of parameters passed to the formula interpreter, leading to an array index underflow attack. If a user were tricked into opening a specially crafted spreadsheet file, an attacker could possibly use this issue to execute...

7.8 CVSS · 6 AI score · 0.02244 EPSS
Exploits: 2 · References: 3
ATTACKERKB
added 2023/06/02 5:15 p.m. · 5 views

CVE-2023-28164

Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

6.5 CVSS · 6.7 AI score · 0.00347 EPSS
Exploits: 0 · References: 5
OSV
added 2023/06/02 5:15 p.m. · 3 views

DEBIAN-CVE-2023-28164

Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...

6.5 CVSS · 6.8 AI score · 0.00347 EPSS
Exploits: 0 · References: 1
OSV
added 2023/06/02 5:15 p.m. · 1 views

DEBIAN-CVE-2023-25728

The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

6.5 CVSS · 6.9 AI score · 0.00672 EPSS
Exploits: 0 · References: 1
NVD
added 2023/06/02 5:15 p.m. · 17 views

CVE-2023-25728

The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

6.5 CVSS · 6.5 AI score · 0.00672 EPSS
Exploits: 0 · References: 4
ATTACKERKB
added 2023/06/02 5:15 p.m. · 2 views

CVE-2023-25728

The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

6.5 CVSS · 5.9 AI score · 0.00672 EPSS
Exploits: 0 · References: 5
OSV
added 2023/06/02 5:15 p.m. · 2 views

CVE-2023-23601

Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab, which could lead to website spoofing attacks. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

6.5 CVSS · 7.1 AI score
Exploits: 0 · References: 4
NVD
added 2023/06/02 5:15 p.m. · 15 views

CVE-2023-23601

Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab, which could lead to website spoofing attacks. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

6.5 CVSS · 6.6 AI score · 0.00347 EPSS
Exploits: 0 · References: 4
OSV
added 2023/06/02 5:15 p.m. · 1 views

DEBIAN-CVE-2023-23601

Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab, which could lead to website spoofing attacks. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...

6.5 CVSS · 6.7 AI score · 0.00347 EPSS
Exploits: 0 · References: 1