Cross-site Scripting in BookStack

Iframe tags don't have a sandbox attribute, this makes an attacker able to execute malicious javascript via an iframe and perform phishing attacks. The sandbox attribute will block script execution and prevents the content to navigate its top-level browsing context which will stop this type of...

WordPress Advanced iFrame plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress Advanced iFrame plugin versions prior to 2022 contain a cross-site scripting vulnerability that stems from the plugin's failure to...

UBUNTU-CVE-2022-26384

If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox 98, Firefox ESR 91.7, and Thunderbird 91....

CVE-2022-26384

If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox 98, Firefox ESR 91.7, and Thunderbird 91....

Mageia: Security Advisory (MGASA-2022-0093)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2022-0093 Updated firefox packages fix security vulnerabilities

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash CVE-2022-26381. When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification CVE-2022-26383. If an attacker coul...

Updated firefox packages fix security vulnerabilities

An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploitable crash CVE-2022-26381. When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification CVE-2022-26383. If an attacker coul...

Mozilla Firefox ESR < 91.7

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 91.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-11 advisory. - If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts,...

Mozilla Firefox < 98.0

The version of Firefox installed on the remote Windows host is prior to 98.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-10 advisory. - If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were abl...

Mozilla Firefox < 98.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 98.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-10 advisory. - If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, the...

Mozilla Firefox 权限许可和访问控制问题漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a permissions licensing and access control issue vulnerability that stems from a logic error when handling iframes. The vulnerability can be exploited by an attacker to...

Security Vulnerabilities fixed in Thunderbird 91.7 — Mozilla

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript...

Security Vulnerabilities fixed in Firefox 98 — Mozilla

When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. If an attacker could control the contents of an iframe sandboxed with allow-popups but not allow-scripts, they were able to craft a link that, when clicked, would lead to JavaScript...

Amazon Linux 2 : thunderbird (ALAS-2022-1763)

The version of thunderbird installed on the remote host is prior to 91.6.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1763 advisory. The Mozilla Foundation Security Advisory describes this flaw as: It was possible to construct specific XSLT markup th...

CVE-2021-24953

The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the aiconfigid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...

CVE-2021-24953

The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the aiconfigid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...

CVE-2021-24953 Advanced iFrame < 2022 - Reflected Cross-Site Scripting

The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the aiconfigid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress Advanced iFrame plugin versions prior to 2022 contain a cross-site scripting vulnerability that stems from the plugin's failure to...

Cross-site Scripting (XSS) - Stored

Description Iframe tags don't have a sandbox attribute, this makes an attacker able to execute malicious javascript via an iframe and perform phishing attacks. The sandbox attribute will block script execution and prevents the content to navigate its top-level browsing context which will stop thi...

SUSE SLES15 Security Update : MozillaFirefox (SUSE-SU-2022:0676-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0676-1 advisory. - A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an...