5125 matches found
pathcore.hms.harvard.edu IFRAME Injection vulnerability OBB-3230397
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
mczbase.mcz.harvard.edu IFRAME Injection vulnerability OBB-3230393
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kiki.huh.harvard.edu IFRAME Injection vulnerability OBB-3230388
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
maps.cga.harvard.edu IFRAME Injection vulnerability OBB-3230353
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ads.harvard.edu IFRAME Injection vulnerability OBB-3230342
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
RHEL 9 : thunderbird (RHSA-2023:1402)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:1402 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.9.0. Security Fixes: Mozilla:...
CVE-2023-28439
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...
DEBIAN-CVE-2023-28439
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...
Cross site scripting
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...
UBUNTU-CVE-2023-28439
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...
CVE-2023-28439
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...
CVE-2023-28439 ckeditor4 plugins vulnerable to cross-site scripting caused by the editor instance destroying process
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...
CVE-2023-28439 ckeditor4 plugins vulnerable to cross-site scripting caused by the editor instance destroying process
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...
CVE-2023-28439 ckeditor4 plugins vulnerable to cross-site scripting caused by the editor instance destroying process
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...
CVE-2023-28439
CKEditor4 contains a cross-site scripting vulnerability affecting the Iframe Dialog and Media Embed plugins. The issue arises from improper input handling and specific initialization/destroy conditions that can trigger JavaScript execution on a page with insufficient CSP. A patch is available in ...
CVE-2023-28439
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages ...
Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue of dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks...
Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue of dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks...
Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue of dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks...
Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue of dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks...