5124 matches found
Mozilla: Iframe contents could be rendered outside the iframe
The Mozilla Foundation Security Advisory describes this flaw as: Use tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks...
PT-2022-16031 · Typo3 · Typo3/Html-Sanitizer
Name of the Vulnerable Software and Affected Versions: typo3/html-sanitizer versions prior to 1.5.0 or 2.1.1 Description: The HTML sanitizer is written in PHP and aims to provide XSS-safe markup based on explicitly allowed tags, attributes, and values. However, due to a parsing issue in the...
Amazon Linux 2 : thunderbird (ALAS-2022-1900)
The version of thunderbird installed on the remote host is prior to 102.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1900 advisory. 2024-05-09: CVE-2021-28429 was added to this advisory. Integer overflow vulnerability in avtimecodemakestring in...
Important: thunderbird
Issue Overview: Integer overflow vulnerability in avtimecodemakestring in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service DoS via crafted .mov file. CVE-2021-28429 When receiving an HTML email that contained an iframe element, which used a srcdoc...
WordPress Quiz and Survey Master plugin iFrame Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Quiz and...
thunderbird security update
CentOS Errata and Security Advisory CESA-2022:8555 An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
WordPress Appointment Hour Booking plugin iFrame injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An iFrame injection...
The vulnerability in the isolated iframe environment of Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows attackers to perform spoofing attacks.
The vulnerability in the isolated environment of Firefox browsers, Mozilla Firefox, Firefox ESR, and Thunderbird’s email client is related to information representation errors in the user interface. Exploiting this vulnerability allows a remote attacker to perform spear-phishing attacks...
CVE-2022-4035
The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for...
CVE-2022-4035
The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for...
CVE-2022-4032
The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'questionid' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated...
CVE-2022-4032
The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'questionid' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated...
Input validation
The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'questionid' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated...
Input validation
The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for...
CVE-2022-4035 Appointment Hour Booking <= 1.3.72 - Unauthenticated iFrame Injection via Appointment Form
The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for...
CVE-2022-4035
The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for...
CVE-2022-4035
The WordPress plugin Appointment Hour Booking (versions up to 1.3.72; OpenVAS notes
CVE-2022-4032 Quiz and Survey Master <= 8.0.4 - Unauthenticated iFrame Injection via Paragraph and Short Answer
The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'questionid' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated...
CVE-2022-4032 Quiz and Survey Master <= 8.0.4 - Unauthenticated iFrame Injection via Paragraph and Short Answer
The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'questionid' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated...
CVE-2022-4032
The CVE-2022-4032 entry concerns the WordPress plugin Quiz and Survey Master. Affected versions are up to and including 8.0.4. The root cause is insufficient input sanitization and output escaping for the question[id] parameter, allowing unauthenticated attackers to inject iframe tags into pages....