
5124 matches found

Mozilla
added 2022/05/03 12:0 a.m. | 305 views

Security Vulnerabilities fixed in Firefox 100 — Mozilla

When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existin...

CVSS 9.8 | AI score 8.7 | EPSS 0.01005
Exploits 5 | References 9 | Affected Software 1

Mozilla
added 2022/05/03 12:0 a.m. | 44 views

Security Vulnerabilities fixed in Firefox ESR 91.9 — Mozilla

When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existin...

CVSS 9.8 | AI score 9.3 | EPSS 0.01005
Exploits 3 | References 6 | Affected Software 1

Tenable Nessus
added 2022/05/03 12:0 a.m. | 42 views

Mozilla Firefox ESR < 91.9

The version of Firefox ESR installed on the remote Windows host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-17 advisory. - Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safet...

CVSS 9.8 | AI score 8.3 | EPSS 0.01005
Exploits 3 | References 7

OSV
added 2022/05/01 5:46 p.m. | 22 views

GHSA-XR96-7CCP-PG5C DotNetNuke Vulnerable to XSS in Pass-Through Values

Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN), caused by improper validation of user-supplied input by an unspecified script. Pass through values were not getting filtered, leaving them vulnerable to XSS. A remote attacker could exploit this...

CVSS 6.8 | AI score 5.9 | EPSS 0.01182
Exploits 0 | References 4

Github Security Blog
added 2022/05/01 5:46 p.m. | 27 views

DotNetNuke Vulnerable to XSS in Pass-Through Values

Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN), caused by improper validation of user-supplied input by an unspecified script. Pass through values were not getting filtered, leaving them vulnerable to XSS. A remote attacker could exploit this...

CVSS 6.8 | AI score 6.5 | EPSS 0.01182
Exploits 0 | References 5 | Affected Software 1

Veracode
added 2022/04/29 5:16 a.m. | 28 views

Denial Of Service (DoS)

Chrome is vulnerable to denial of service. The vulnerability exists due to an inappropriate implementation in iframe...

CVSS 6.5 | AI score 3.2 | EPSS 0.00712
Exploits 1 | References 4 | Affected Software 2

Microsoft CVE
added 2022/04/28 3:57 p.m. | 57 views

Chromium: CVE-2022-1501 Inappropriate implementation in iframe

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 6.5 | AI score 7.2 | EPSS 0.00712
Exploits 1

Kaspersky
added 2022/04/28 12:0 a.m. | 41 views

KLA12519 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. Use after free...

CVSS 8.8 | AI score 9.4 | EPSS 0.01029
Exploits 21 | References 27

OpenVAS
added 2022/04/27 12:0 a.m. | 22 views

Mozilla Firefox Security Advisory (MFSA2022-10) - Linux

The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2022-10. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

CVSS 9.6 | AI score 8.3 | EPSS 0.00931
Exploits 5 | References 9

FreeBSD
added 2022/04/26 12:0 a.m. | 35 views

chromium -- multiple vulnerabilities

Chrome Releases reports: This release contains 30 security fixes, including: 1313905 High CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park SeHwa on 2022-04-06 1299261 High CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park SeHwa on 2022-02-20 1305190 High...

CVSS 8.8 | AI score 0.2 | EPSS 0.01029
Exploits 23 | References 1

BDU FSTEC
added 2022/04/19 12:0 a.m. | 3 views

The vulnerability in the isolated environment of the iframe in Firefox web browsers, Firefox ESR, and the Thunderbird email client allows a malicious actor to disclose protected information.

The vulnerability in the isolated environment of the Firefox web browser, Firefox ESR, and Thunderbird email client relates to information representation errors in the user interface. Exploiting this vulnerability can allow an attacker to disclose protected information remotely...

CVSS 5 | AI score 6.5 | EPSS 0.00557
Exploits 1 | References 13 | Affected Software 10

OSV
added 2022/04/14 3:15 p.m. | 2 views

CVE-2021-45227

An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack...

CVSS 5.4 | AI score 6.1 | EPSS 0.00576
Exploits 1 | References 2

NVD
added 2022/04/14 3:15 p.m. | 10 views

CVE-2021-45227

An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack...

CVSS 5.4 | EPSS 0.00576
Exploits 1 | References 2

Prion
added 2022/04/14 3:15 p.m. | 10 views

Cross site scripting

An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack...

CVSS 3.5 | AI score 5.2 | EPSS 0.00576
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2022/04/14 2:12 p.m. | 15 views

CVE-2021-45227

An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack...

AI score 5.5 | EPSS 0.00576
Exploits 1 | References 2

CVE
added 2022/04/14 2:12 p.m. | 71 views

CVE-2021-45227

COINS Construction Cloud 11.12 contains a persistent Cross-Site Scripting (XSS) flaw in the file upload flow due to inappropriate handling of HTML IFRAME elements. Root cause: improper IFRAME usage during uploads enables script persistence. Impact is documented as client-side compromise; CVSS sco...

CVSS 5.4 | AI score 5.2 | EPSS 0.00576
Exploits 1 | References 2 | Affected Software 1

CNNVD
added 2022/04/14 12:0 a.m. | 4 views

COINS Construction Cloud Cross-Site Scripting Vulnerability

COINS Construction Cloud is an end-to-end suite of cloud and mobile software solutions from COINS, Inc. designed to help construction executives drive increased profitability across their business. A cross-site scripting vulnerability exists in COINS Construction Cloud 11.12 that stems from...

CVSS 5.4 | AI score 5.4 | EPSS 0.00576
Exploits 1 | References 3

Openbugbounty
added 2022/04/12 7:52 p.m. | 13 views

All Vulnerabilities for eca.europa.eu Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| eca.europa.eu ---|--- Open Bug Bounty...

Exploits 0

RedHat Linux
added 2022/04/12 3:7 p.m. | 4 views

Mozilla: iframe contents could be rendered outside the border

The Mozilla Foundation Security Advisory describes this flaw as: Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks...

CVSS 5.4 | AI score 7.3 | EPSS 0.00557
Exploits 1 | References 6

CNNVD
added 2022/04/12 12:0 a.m. | 3 views

Google Chrome Security Vulnerability

Google Chrome is a web browser by Google, Inc. A security vulnerability previously existed in Google Chrome version 107.0.5304.62, which stemmed from an improperly implemented vulnerability in the iFrame Sandbox...

CVSS 4.3 | AI score 5.8 | EPSS 0.00538
Exploits 1 | References 5