
5124 matches found

CVE
added 2022/08/15 10:7 p.m. | 58 views

CVE-2022-38357

CVE-2022-38357 affects Eyes of Network Web application (EON). Public sources in the connected docs describe an iFrame injection vulnerability triggered by the url parameter in /module/module_frame/index.php, resulting in high impact (CVE details show CVSS v3.1: 8.8, network attack, user interacti...

CVSS 8.8 | AI score 8.8 | EPSS 0.00886
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2022/08/15 12:0 a.m. | 3 views

Eyes of Network Web Injection Vulnerability

Eyes of Network Web is a global regulatory solution for hardware status of devices, operating systems, standard applications, business applications, and performance from the Eyes of Network Web community. A security vulnerability exists in Eyes of Network Web version 5.3 that originates in the ur...

CVSS 8.8 | AI score 7.9 | EPSS 0.00886
Exploits: 1 | References: 2

Veracode
added 2022/08/11 3:9 p.m. | 24 views

Cross Site Scripting (XSS)

Microweber is vulnerable to stored Cross Site Scripting. The vulnerability is due to improper sanitization in the product category title field. An authenticated attacker can add or modify a category, adding an Iframe script tag to the title that will run arbitrary Javascript whenever a user visit...

CVSS 5.4 | AI score 5.5 | EPSS 0.00393
Exploits: 1 | References: 3 | Affected Software: 1

Openbugbounty
added 2022/08/10 7:26 p.m. | 14 views

mfi.fr IFRAME Injection vulnerability OBB-2835329

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0

Huntr
added 2022/08/09 11:54 a.m. | 7 views

UI Redressing

Description: Clickjacking is a portmanteau of two words ‘click’ and ‘hijacking’. It refers to hijacking a user’s click for malicious intent. In it, an attacker embeds the vulnerable site in a transparent iframe in the attacker’s own website and overlays it with objects such as buttons using CSS skills...

AI score 1
Exploits: 0 | References: 3

NCSC
added 2022/08/04 12:0 a.m. | 2 views

Vulnerabilities fixed in Cisco WebEx Meetings

Vulnerabilities have been fixed in Cisco WebEx Meetings. The vulnerabilities are located in the Cisco WebEx Meetings Web Interface and allow a remote malicious party to launch a cross-site scripting attack or to inject legitimate-looking iframes. Cisco has released updates to fix the...

CVSS 6.5 | AI score 6.5 | EPSS 0.00445
Exploits: 0

Openbugbounty
added 2022/08/03 5:10 p.m. | 17 views

iqconnect.house.gov IFRAME Injection vulnerability OBB-2825041

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 0.1
Exploits: 0

NVD
added 2022/07/26 10:15 p.m. | 15 views

CVE-2022-1501

Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5 | EPSS 0.00712
Exploits: 1 | References: 3

OSV
added 2022/07/26 10:15 p.m. | 1 views

DEBIAN-CVE-2022-1501

Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5 | AI score 6.9 | EPSS 0.00712
Exploits: 1 | References: 1

ATTACKERKB
added 2022/07/26 10:15 p.m. | 4 views

CVE-2022-1501

Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5 | AI score 6.8 | EPSS 0.00712
Exploits: 1 | References: 4

Prion
added 2022/07/26 10:15 p.m. | 17 views

Design/Logic Flaw

Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 4.3 | AI score 6.2 | EPSS 0.00712
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2022/07/26 10:15 p.m. | 6 views

UBUNTU-CVE-2022-1501

Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5 | AI score 6.6 | EPSS 0.00712
Exploits: 1 | References: 2

Debian CVE
added 2022/07/26 9:35 p.m. | 47 views

CVE-2022-1501

Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5 | AI score 7.1 | EPSS 0.00712
Exploits: 1

AlpineLinux
added 2022/07/26 9:35 p.m. | 50 views

CVE-2022-1501

Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVSS 6.5 | AI score 6.5 | EPSS 0.00712
Exploits: 1

OSV
added 2022/07/22 9:56 a.m. | 7 views

MAL-2022-695 Malicious code in @unity-dashboard/iframe-messages (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware de906cbb3302deeec2d92925eaf0b571e8695af4fadb3c34e69187bcfc7c5129 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2022/07/21 11:14 a.m. | 3 views

Malicious code in activity-iframe-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 94f7b42aa01fdd5c7d433b8266287d4d592293312d50730555fc6410cf8e1cf5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1

Tenable Nessus
added 2022/07/21 12:0 a.m. | 33 views

Drupal 9.3.x < 9.3.19 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.91, 9.3.x prior to 9.3.19 or 9.4.x prior to 9.4.3. It is, therefore, affected by multiple vulnerabilities: - In some situations, the Image module does not correctly check access to...

CVSS 7.5 | AI score 7.8 | EPSS 0.01422
Exploits: 0 | References: 9

CNNVD
added 2022/07/21 12:0 a.m. | 4 views

Drupal Cross-Site Scripting Vulnerability

Drupal is an open source content management system developed in PHP by the Drupal community. A cross-site scripting vulnerability exists in Drupal versions prior to 9.3.19 and prior to 9.4.3, which stems from Media oEmbed iframe routing that does not properly validate iframe domain settings...

CVSS 6.1 | AI score 5.9 | EPSS 0.00526
Exploits: 0 | References: 3

OSV
added 2022/07/20 3:41 p.m. | 2 views

DRUPAL-CORE-2022-015

The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities. This advisory is not covere...

CVSS 6.1 | AI score 6.5 | EPSS 0.00526
Exploits: 0 | References: 1

Tenable Nessus
added 2022/07/15 12:0 a.m. | 60 views

Amazon Linux 2 : thunderbird (ALAS-2022-1818)

The version of thunderbird installed on the remote host is prior to 91.6.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1818 advisory. crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versio...

CVSS 10 | AI score 8.4 | EPSS 0.0383
Exploits: 7 | References: 57