5125 matches found
CVE-2022-25276
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...
CVE-2022-25276
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...
Cross site scripting
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...
CVE-2022-25276
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...
UBUNTU-CVE-2022-25276
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...
CVE-2022-25276
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities...
CVE-2022-25276
The CVE-2022-25276 issue affects Drupal’s Media oEmbed iframe route, where iframe domain validation is insufficient, causing embeds to render in the context of the primary domain. This misvalidation can lead to cross-site scripting, leaked cookies, or other vulnerabilities under certain circumsta...
PT-2023-12783 · Drupal · Drupal
Name of the Vulnerable Software and Affected Versions: Drupal versions prior to the fixed version Description: The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances,...
vak.minobrnauki.gov.ru IFRAME Injection vulnerability OBB-3266154
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-6010-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6010-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could...
NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2023-0009)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has firefox packages installed that are affected by multiple vulnerabilities: - crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, t...
CVE-2023-0546
The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to...
firefox security update
An update is available for firefox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...
WordPress IFrame Shortcode Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software IFrame Shortcode Type Plugin Vulnerable versions = 1.0.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-29436 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f1f8d865c075 Credits Mika Required privilege...
Rocky Linux 9 : firefox (RLSA-2023:1337)
The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:1337 advisory. - Mozilla: Incorrect code generation during JIT compilation CVE-2023-25751 - Mozilla: Potential out-of-bounds when accessing throttled streams...
craftercms 4.x.x - cross-origin resource sharing Vulnerability
Exploit Title: craftercms 4.x.x - CORS Author: nu11secur1ty Vendor: https://docs.craftercms.org/en/4.0/index.html Software: https://github.com/craftercms/craftercms/tags = 4.x.x Reference: https://portswigger.net/web-security/cors Description: The application implements an HTML5 cross-origin...
GHSA-W974-RQ9X-MH3V Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter
Cross-site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the src parameter...
Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter
Cross-site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the src parameter...
CVE-2020-19697
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the src parameter...
Cross site scripting
Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the src parameter...