5140 matches found
CVE-2023-32061 Discourse Topic Creation Page Allows iFrame Tag without Restrictions
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other...
CVE-2023-32061 Discourse Topic Creation Page Allows iFrame Tag without Restrictions
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, the lack of restrictions on the iFrame tag makes it easy for an attacker to exploit the vulnerability and hide subsequent comments from other...
Discourse 安全漏洞
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse prior to 3.0.4 stable, 3.1.0.beta5, which stems from the topic creation page allowing unrestricted iFrame markup...
PT-2023-23575 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.4 Discourse versions prior to 3.1.0.beta5 Description: The issue is related to the lack of restrictions on the iFrame tag, which makes it easy for an attacker to exploit and hide subsequent comments from other...
Amazon Linux 2 : webkitgtk4 (ALAS-2023-2088)
The version of webkitgtk4 installed on the remote host is prior to 2.38.5-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2088 advisory. 2024-08-28: CVE-2022-22620 was added to this advisory. 2024-08-14: CVE-2022-32893 was added to this advisory. A logic...
USN-6144-1 libreoffice vulnerabilities
It was discovered that LibreOffice did not properly validate the number of parameters passed to the formula interpreter, leading to an array index underflow attack. If a user were tricked into opening a specially crafted spreadsheet file, an attacker could possibly use this issue to execute...
USN-6144-1: LibreOffice vulnerabilities
It was discovered that LibreOffice did not properly validate the number of parameters passed to the formula interpreter, leading to an array index underflow attack. If a user were tricked into opening a specially crafted spreadsheet file, an attacker could possibly use this issue to execute...
CVE-2023-28164
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...
DEBIAN-CVE-2023-28164
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...
CVE-2023-25728
The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
CVE-2023-25728
The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
DEBIAN-CVE-2023-25728
The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
CVE-2023-23601
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
CVE-2023-23601
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
DEBIAN-CVE-2023-23601
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
Type confusion
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...
CVE-2023-23601 URL being dragged from cross-origin iframe into same tab triggers navigation
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
CVE-2023-23601
CVE-2023-23601 is a browser navigation/vulnerability caused by dragging a URL from a cross-origin iframe into the same tab, enabling potential spoofing. Public records confirm impact on Firefox (less than 109) and Firefox ESR (less than 102.7) and Thunderbird (less than 102.7). Multiple advisorie...
CVE-2023-28164
Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox 111, Firefox ESR 102.9, and Thunderbird 102.9...
CVE-2023-23601
Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...