5125 matches found
CVE-2022-22807
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert former...
Remote Code Execution (RCE)
firefox is vulnerable to remote code execution. The vulnerability exists due to the way iframes are handled by the browser allowing an attacker to execute maliciously crafted script via the iframe sandbox...
EcoStruxure EV Charging Expert 安全漏洞
EcoStruxure EV Charging Expert is an electric vehicle charging infrastructure load management, access management and supervision solution from Schneider-electric, France. A security vulnerability exists in EcoStruxure EV Charging Expert, which stems from CWE-1021 An improper restriction in the...
AlmaLinux 8 : firefox (ALSA-2021:4123)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4123 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigati...
AlmaLinux 8 : thunderbird (ALSA-2021:4130)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4130 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigati...
CVE-2022-22807
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert former...
CVE-2022-22759
If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox 97, Thunderbird 91.6, and...
Rocky Linux 8 : GNOME (RLSA-2021:4381)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4381 advisory. - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted...
Rocky Linux 8 : firefox (RLSA-2021:4123)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4123 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or...
AlmaLinux 8 : GNOME (ALSA-2021:4381)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4381 advisory. - A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lea...
UBUNTU-CVE-2022-22759
If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox 97, Thunderbird 91.6, and...
Mozilla Firefox ESR < 91.6
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 91.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-05 advisory. - Mozilla developers and community members Paul Adenot and the Mozilla Fuzzing Team reported memory safety...
PT-2022-6694 · Schneider Electric · Ecostruxure Ev Charging Expert
Name of the Vulnerable Software and Affected Versions: EcoStruxure EV Charging Expert versions prior to V4.0.0.13 Description: A vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within...
Security Vulnerabilities fixed in Firefox ESR 91.6 — Mozilla
A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.This bug only affects Firefox on Windows. Other operating systems are unaffected. If a user...
Security Vulnerabilities fixed in Firefox 97 — Mozilla
A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.This bug only affects Firefox on Windows. Other operating systems are unaffected. If a user...
Security Vulnerabilities fixed in Thunderbird 91.6 — Mozilla
A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access.This bug only affects Thunderbird on Windows. Other operating systems are unaffected. If a...
Mozilla Firefox ESR < 91.6
The version of Firefox ESR installed on the remote Windows host is prior to 91.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-05 advisory. - Mozilla developers and community members Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs prese...
Mozilla Firefox < 97.0
The version of Firefox installed on the remote Windows host is prior to 97.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-04 advisory. - Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firef...
WordPress plugin Embed Swagger 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
WordPress Advanced iFrame plugin <= 2021.9 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by JrXnm in WordPress Advanced iFrame plugin versions = 2021.9. Solution Update the WordPress Advanced iFrame plugin to the latest available version at least 2022...