
5125 matches found

Openbugbounty
added 2023/03/23 6:50 a.m., 13 views

pathcore.hms.harvard.edu IFRAME Injection vulnerability OBB-3230397

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 5.9
Exploits 0

Openbugbounty
added 2023/03/23 6:3 a.m., 22 views

mczbase.mcz.harvard.edu IFRAME Injection vulnerability OBB-3230393

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 5.9
Exploits 0

Openbugbounty
added 2023/03/23 5:51 a.m., 17 views

kiki.huh.harvard.edu IFRAME Injection vulnerability OBB-3230388

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 5.9
Exploits 0

Openbugbounty
added 2023/03/23 5:15 a.m., 14 views

maps.cga.harvard.edu IFRAME Injection vulnerability OBB-3230353

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 5.9
Exploits 0

Openbugbounty
added 2023/03/23 1:33 a.m., 27 views

ads.harvard.edu IFRAME Injection vulnerability OBB-3230342

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 5.9
Exploits 0

Tenable Nessus
added 2023/03/23 12:0 a.m., 26 views

RHEL 9 : thunderbird (RHSA-2023:1402)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1402 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.9.0. Security Fixes: Mozilla:...

CVSS 8.8, AI score 8, EPSS 0.00713
Exploits 0, References 12

NVD
added 2023/03/22 9:15 p.m., 10 views

CVE-2023-28439

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

CVSS 6.1, AI score 5.7, EPSS 0.00725
Exploits 0, References 6

OSV
added 2023/03/22 9:15 p.m., 1 view

DEBIAN-CVE-2023-28439

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

CVSS 6.1, AI score 6.9, EPSS 0.00725
Exploits 0, References 1

Prion
added 2023/03/22 9:15 p.m., 65 views

Cross site scripting

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

CVSS 5.8, AI score 6.3, EPSS 0.00725
Exploits 0, References 6, Affected Software 2

OSV
added 2023/03/22 9:15 p.m., 1 view

UBUNTU-CVE-2023-28439

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

CVSS 6.1, AI score 7, EPSS 0.00725
Exploits 0, References 5

UbuntuCve
added 2023/03/22 9:15 p.m., 41 views

CVE-2023-28439

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

CVSS 6.1, AI score 7, EPSS 0.00725
Exploits 0, References 4

OSV
added 2023/03/22 8:55 p.m., 24 views

CVE-2023-28439 ckeditor4 plugins vulnerable to cross-site scripting caused by the editor instance destroying process

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

CVSS 4.7, AI score 7.1, EPSS 0.00725
Exploits 0, References 8

Vulnrichment
added 2023/03/22 8:55 p.m., 20 views

CVE-2023-28439 ckeditor4 plugins vulnerable to cross-site scripting caused by the editor instance destroying process

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

CVSS 4.7, AI score 6.9, EPSS 0.00725
Exploits 0, References 6

Cvelist
added 2023/03/22 8:55 p.m., 40 views

CVE-2023-28439 ckeditor4 plugins vulnerable to cross-site scripting caused by the editor instance destroying process

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

CVSS 4.7, AI score 6.7, EPSS 0.00725
Exploits 0, References 6

CVE
added 2023/03/22 8:55 p.m., 442 views

CVE-2023-28439

CKEditor4 contains a cross-site scripting vulnerability affecting the Iframe Dialog and Media Embed plugins. The issue arises from improper input handling and specific initialization/destroy conditions that can trigger JavaScript execution on a page with insufficient CSP. A patch is available in ...

CVSS 6.1, AI score 5.7, EPSS 0.00725
Exploits 0, References 6, Affected Software 1

Debian CVE
added 2023/03/22 8:55 p.m., 24 views

CVE-2023-28439

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...

CVSS 6.1, AI score 7, EPSS 0.00725
Exploits 0

RedHat Linux
added 2023/03/22 10:39 a.m., 2 views

Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue of dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks...

CVSS 6.5, AI score 7.3, EPSS 0.00347
Exploits 0, References 6

RedHat Linux
added 2023/03/22 10:38 a.m., 6 views

Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue of dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks...

CVSS 6.5, AI score 7.3, EPSS 0.00347
Exploits 0, References 6

RedHat Linux
added 2023/03/22 10:38 a.m., 2 views

Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue of dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks...

CVSS 6.5, AI score 7.3, EPSS 0.00347
Exploits 0, References 6

RedHat Linux
added 2023/03/22 10:26 a.m., 6 views

Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue of dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks...

CVSS 6.5, AI score 7.3, EPSS 0.00347
Exploits 0, References 6