5125 matches found

OSV
added 2022/02/09 11:15 p.m. · 3 views

CVE-2022-22807

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert former...

CVSS 7.4 · AI score 7.1 · EPSS 0.00924
Exploits: 0 · References: 1

Veracode
added 2022/02/09 7:00 a.m. · 31 views

Remote Code Execution (RCE)

firefox is vulnerable to remote code execution. The vulnerability exists due to the way iframes are handled by the browser allowing an attacker to execute maliciously crafted script via the iframe sandbox...

CVSS 9.6 · AI score 3.7 · EPSS 0.00743
Exploits: 0 · References: 6 · Affected Software: 6

CNNVD
added 2022/02/09 12:00 a.m. · 5 views

EcoStruxure EV Charging Expert security vulnerability

EcoStruxure EV Charging Expert is an electric vehicle charging infrastructure load management, access management and supervision solution from Schneider Electric (France). A security vulnerability exists in EcoStruxure EV Charging Expert, which stems from CWE-1021 An improper restriction in the...

CVSS 7.4 · AI score 7.3 · EPSS 0.00924
Exploits: 0 · References: 3

Tenable Nessus
added 2022/02/09 12:00 a.m. · 41 views

AlmaLinux 8 : firefox (ALSA-2021:4123)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4123 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigati...

CVSS 10 · AI score 7.4 · EPSS 0.0383
Exploits: 0 · References: 7

Tenable Nessus
added 2022/02/09 12:00 a.m. · 42 views

AlmaLinux 8 : thunderbird (ALSA-2021:4130)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4130 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigati...

CVSS 10 · AI score 7.4 · EPSS 0.0383
Exploits: 0 · References: 7

Cvelist
added 2022/02/09 12:00 a.m. · 28 views

CVE-2022-22807

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert former...

AI score 7.6 · EPSS 0.00924
Exploits: 0 · References: 1

UbuntuCve
added 2022/02/09 12:00 a.m. · 25 views

CVE-2022-22759

If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox 97, Thunderbird 91.6, and...

CVSS 9.6 · AI score 6.8 · EPSS 0.00743
Exploits: 0 · References: 5

Tenable Nessus
added 2022/02/09 12:00 a.m. · 59 views

Rocky Linux 8 : GNOME (RLSA-2021:4381)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4381 advisory. - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted...

CVSS 9.8 · AI score 7.2 · EPSS 0.14542
Exploits: 8 · References: 98

Tenable Nessus
added 2022/02/09 12:00 a.m. · 30 views

Rocky Linux 8 : firefox (RLSA-2021:4123)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4123 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or...

CVSS 10 · AI score 7.4 · EPSS 0.0383
Exploits: 0 · References: 17

Tenable Nessus
added 2022/02/09 12:00 a.m. · 43 views

AlmaLinux 8 : GNOME (ALSA-2021:4381)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4381 advisory. - A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lea...

CVSS 9.8 · AI score 8 · EPSS 0.14542
Exploits: 8 · References: 30

OSV
added 2022/02/09 12:00 a.m. · 2 views

UBUNTU-CVE-2022-22759

If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox 97, Thunderbird 91.6, and...

CVSS 9.6 · AI score 6.8 · EPSS 0.00743
Exploits: 0 · References: 6

Tenable Nessus
added 2022/02/08 12:00 a.m. · 38 views

Mozilla Firefox ESR < 91.6

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 91.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-05 advisory. - Mozilla developers and community members Paul Adenot and the Mozilla Fuzzing Team reported memory safety...

CVSS 9.6 · AI score 8.1 · EPSS 0.00926
Exploits: 2 · References: 9

Positive Technologies
added 2022/02/08 12:00 a.m. · 5 views

PT-2022-6694 · Schneider Electric · Ecostruxure Ev Charging Expert

Name of the Vulnerable Software and Affected Versions: EcoStruxure EV Charging Expert versions prior to V4.0.0.13 Description: A vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within...

CVSS 8.5 · AI score 7.2 · EPSS 0.00924
Exploits: 0 · References: 7

Mozilla
added 2022/02/08 12:00 a.m. · 45 views

Security Vulnerabilities fixed in Firefox ESR 91.6 — Mozilla

A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects Firefox on Windows. Other operating systems are unaffected. If a user...

CVSS 9.6 · AI score 0.4 · EPSS 0.00926
Exploits: 2 · References: 9 · Affected Software: 1

Mozilla
added 2022/02/08 12:00 a.m. · 400 views

Security Vulnerabilities fixed in Firefox 97 — Mozilla

A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects Firefox on Windows. Other operating systems are unaffected. If a user...

CVSS 9.6 · AI score 0.3 · EPSS 0.00926
Exploits: 2 · References: 13 · Affected Software: 1

Mozilla
added 2022/02/08 12:00 a.m. · 325 views

Security Vulnerabilities fixed in Thunderbird 91.6 — Mozilla

A Time-of-Check Time-of-Use bug existed in the Maintenance Updater Service that could be abused to grant Users write access to an arbitrary directory. This could have been used to escalate to SYSTEM access. This bug only affects Thunderbird on Windows. Other operating systems are unaffected. If a...

CVSS 9.6 · AI score 0.3 · EPSS 0.00926
Exploits: 2 · References: 9 · Affected Software: 1

Tenable Nessus
added 2022/02/08 12:00 a.m. · 34 views

Mozilla Firefox ESR < 91.6

The version of Firefox ESR installed on the remote Windows host is prior to 91.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-05 advisory. - Mozilla developers and community members Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs prese...

CVSS 9.6 · AI score 8 · EPSS 0.00926
Exploits: 2 · References: 9

Tenable Nessus
added 2022/02/08 12:00 a.m. · 36 views

Mozilla Firefox < 97.0

The version of Firefox installed on the remote Windows host is prior to 97.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-04 advisory. - Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firef...

CVSS 9.6 · AI score 7.9 · EPSS 0.00926
Exploits: 2 · References: 13

CNNVD
added 2022/02/04 12:00 a.m. · 2 views

WordPress plugin Embed Swagger cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...

CVSS 6.1 · AI score 6.1 · EPSS 0.03865
Exploits: 2 · References: 4

Patchstack
added 2022/02/02 12:00 a.m. · 16 views

WordPress Advanced iFrame plugin <= 2021.9 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by JrXnm in WordPress Advanced iFrame plugin versions <= 2021.9. Solution: Update the WordPress Advanced iFrame plugin to the latest available version at least 2022...

CVSS 6.1 · AI score 2.5 · EPSS 0.00788
Exploits: 2 · References: 3 · Affected Software: 1