5124 matches found
Jenkins Dashboard View Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both products of Jenkins, an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Dashboard View Plugin version 2.18 and earlier is vulnerable to a cross-site scripting...
SUSE SLED15: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2022:0821-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0821-1 advisory. Firefox Extended Support Release 91.7.0 ESR bsc1196900: - CVE-2022-26383: Browser window spoof using fullscree...
SUSE SLES12: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2022:0822-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0822-1 advisory. Firefox Extended Support Release 91.7.0 ESR bsc1196900: - CVE-2022-26383: Browser window spoof using fullscreen mode -...
PT-2022-18283 · Jenkins · Jenkins Dashboard View Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Dashboard View Plugin versions 2.18 and earlier. Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because the Jenkins Dashboard View Plugin does not perform URL validation for the Iframe...
SUSE SLES15: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2022:0819-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0819-1 advisory. Firefox Extended Support Release 91.7.0 ESR bsc1196900: - CVE-2022-26383: Browser window spoof using fullscreen mode -...
CVE-2022-24733
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker's page overlays the target application's interface wi...
CVE-2022-24733
Sylius (open-source eCommerce platform) has a clickjacking vulnerability in versions prior to 1.9.10, 1.10.11, and 1.11.2, where an attacker-controlled page could load the site in an iframe and overlay the interface. Root cause: missing X-Frame-Options header allowing framing. Impact: potential U...
SUSE-SU-2022:0822-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.7.0 ESR bsc1196900: - CVE-2022-26383: Browser window spoof using fullscreen mode - CVE-2022-26384: iframe allow-scripts sandbox bypass - CVE-2022-26387: Time-of-check time-of-use bug when verifying add-...
SUSE-SU-2022:0821-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.7.0 ESR bsc1196900: - CVE-2022-26383: Browser window spoof using fullscreen mode - CVE-2022-26384: iframe allow-scripts sandbox bypass - CVE-2022-26387: Time-of-check time-of-use bug when verifying add-...
Cross-site Scripting (XSS)
ssddanbrown/bookstack is vulnerable to cross-site scripting. The vulnerability exists because the lack of sanitization of iframe tags in the CspService.php file allows an attacker to inject JavaScript through it...
Mozilla: iframe allow-scripts sandbox bypass
The Mozilla Foundation Security Advisory describes this flaw as: If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox...
SUSE-SU-2022:0819-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.7.0 ESR bsc1196900: - CVE-2022-26383: Browser window spoof using fullscreen mode - CVE-2022-26384: iframe allow-scripts sandbox bypass - CVE-2022-26387: Time-of-check time-of-use bug when verifying add-...
Sylius Security Vulnerability
Sylius is an open source e-commerce platform based on the Symfony framework from the Polish company Sylius. Sylius has a security vulnerability that stems from the possibility that an attacker-controlled page could load the website in an iframe. This would enable a clickjacking attack where an...
ROS-20220314-01
Vulnerability in the Mozilla Firefox browser, related to a logic error in iframe processing. Exploitation of the vulnerability could allow a remote attacker who is able to control the contents of a sandboxed iframe (allow-popups, but not allow-scripts) to...
Scientific Linux Security Update : firefox on SL7.x i686/x86_64 (2022:0824)
The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:0824-1 advisory. - Mozilla: Use-after-free in XSLT parameter processing CVE-2022-26485 - Mozilla: Use-after-free in WebGPU IPC Framework CVE-2022-26486 - expat:...
AlmaLinux 8 : firefox (ALSA-2022:0130)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:0130 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reporte...