5125 matches found

NVD
added 2023/04/26 3:15 p.m., 12 views

CVE-2022-25276

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...

CVSS 6.1, AI score 6.3, EPSS 0.00526
Exploits 0, References 1

OSV
added 2023/04/26 3:15 p.m., 23 views

CVE-2022-25276

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...

CVSS 6.1, AI score 6.4
Exploits 0, References 1

Prion
added 2023/04/26 3:15 p.m., 16 views

Cross site scripting

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...

CVSS 5.8, AI score 6, EPSS 0.00526
Exploits 0, References 1, Affected Software 1

UbuntuCve
added 2023/04/26 3:15 p.m., 28 views

CVE-2022-25276

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...

CVSS 6.1, AI score 6.3, EPSS 0.00526
Exploits 0, References 2

OSV
added 2023/04/26 3:15 p.m., 1 view

UBUNTU-CVE-2022-25276

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...

CVSS 6.1, AI score 5.7, EPSS 0.00526
Exploits 0, References 3

Cvelist
added 2023/04/26 12:00 a.m., 25 views

CVE-2022-25276

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...

AI score 6.5, EPSS 0.00526
Exploits 0, References 1

CVE
added 2023/04/26 12:00 a.m., 172 views

CVE-2022-25276

The CVE-2022-25276 issue affects Drupal’s Media oEmbed iframe route, where iframe domain validation is insufficient, causing embeds to render in the context of the primary domain. This misvalidation can lead to cross-site scripting, leaked cookies, or other vulnerabilities under certain circumsta...

CVSS 6.1, AI score 6, EPSS 0.00526
Exploits 0, References 1, Affected Software 1

Positive Technologies
added 2023/04/26 12:00 a.m., 2 views

PT-2023-12783 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal versions prior to the fixed version Description: The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances,...

CVSS 6.1, AI score 6, EPSS 0.00526
Exploits 0, References 12

Openbugbounty
added 2023/04/18 5:52 a.m., 14 views

vak.minobrnauki.gov.ru IFRAME Injection vulnerability OBB-3266154

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 5.9
Exploits 0

Tenable Nessus
added 2023/04/12 12:00 a.m., 26 views

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-6010-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6010-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...

CVSS 8.8, AI score 7.8, EPSS 0.00741
Exploits 0, References 16

Tenable Nessus
added 2023/04/11 12:00 a.m., 14 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2023-0009)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, t...

CVSS 10, AI score 7.6, EPSS 0.0383
Exploits 0, References 29

OSV
added 2023/04/10 2:15 p.m., 2 views

CVE-2023-0546

The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in its custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to...

CVSS 5.4, AI score 6.8, EPSS 0.00478
Exploits 2, References 1

Rockylinux
added 2023/04/06 3:53 p.m., 21 views

firefox security update

An update is available for firefox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Firefox is an open-source web browser, designed for standards...

CVSS 8.8, AI score 9.1, EPSS 0.00713
Exploits 0

Patchstack
added 2023/04/06 12:00 a.m., 11 views

WordPress IFrame Shortcode Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)

Software IFrame Shortcode Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29436 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1f8d865c075 Credits Mika Required privilege...

CVSS 6.5, AI score 6, EPSS 0.00361
Exploits 0, References 1, Affected Software 1

Tenable Nessus
added 2023/04/06 12:00 a.m., 31 views

Rocky Linux 9 : firefox (RLSA-2023:1337)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:1337 advisory. - Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 - Mozilla: Potential out-of-bounds when accessing throttled streams...

CVSS 8.8, AI score 7.9, EPSS 0.00713
Exploits 0, References 11

0day.today
added 2023/04/06 12:00 a.m., 239 views

craftercms 4.x.x - cross-origin resource sharing Vulnerability

Exploit Title: craftercms 4.x.x - CORS Author: nu11secur1ty Vendor: https://docs.craftercms.org/en/4.0/index.html Software: https://github.com/craftercms/craftercms/tags = 4.x.x Reference: https://portswigger.net/web-security/cors Description: The application implements an HTML5 cross-origin...

AI score 6.8
Exploits 0

OSV
added 2023/04/04 3:30 p.m., 17 views

GHSA-W974-RQ9X-MH3V Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter

Cross-site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the src parameter...

CVSS 6.1, AI score 6.7, EPSS 0.0066
Exploits 1, References 4

Github Security Blog
added 2023/04/04 3:30 p.m., 25 views

Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter

Cross-site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the src parameter...

CVSS 6.1, AI score 6.5, EPSS 0.0066
Exploits 1, References 4, Affected Software 1

OSV
added 2023/04/04 3:15 p.m., 19 views

CVE-2020-19697

Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the src parameter...

CVSS 6.1, AI score 6.5
Exploits 0, References 1

Prion
added 2023/04/04 3:15 p.m., 20 views

Cross site scripting

Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the src parameter...

CVSS 5.8, AI score 6.3, EPSS 0.0066
Exploits 1, References 1, Affected Software 1