Advanced iFrame < 2022 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the aiconfigid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue PoC...

Google Chrome 访问控制错误漏洞

Google Chrome is a web browser from Google, Inc. An access control error vulnerability exists in versions of Google Chrome prior to 98.0.4758.80, which can be exploited by remote attackers to bypass the iframe sandbox via a carefully crafted HTML page...

PT-2022-25304 · Google +2 · Google Chrome +2

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 98.0.4758.80 Description: The issue is related to an inappropriate implementation in Paint, allowing a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. This can be achieved b...

CVE-2021-22819

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...

多款Schneider Electric产品安全漏洞

Schneider Electric EVlink City and others are a charging solution for electric vehicle charging stations from Schneider Electric, a French company. A security vulnerability exists in several Schneider Electric products that originates when a user is induced to use a web interface rendered in...

Mageia: Security Advisory (MGASA-2021-0505)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15: MozillaThunderbird / MozillaThunderbird-translations-common / etc (SUSE-SU-2022:0199-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0199-1 advisory. - CVE-2021-4140: Fixed Iframe sandbox bypass with XSLT bsc1194547. - CVE-2022-22737: Fixed race condition when...

OPENSUSE-SU-2022:0199-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - CVE-2021-4140: Fixed Iframe sandbox bypass with XSLT bsc1194547. - CVE-2022-22737: Fixed race condition when playing audio files bsc1194547. - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur bsc1194547. -...

SUSE-SU-2022:14880-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT bsc1194547. - CVE-2022-22737: Fixed race condition when playing audio files bsc1194547. - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur bsc1194547. - CVE-2022-22739:...

athensmagazine.gr IFRAME Injection vulnerability OBB-2343268

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

GHSA-C6RP-XVQV-MWMF Cross-site Scripting in epubjs

managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS...

agrinio.gov.gr IFRAME Injection vulnerability OBB-2343252

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

in mastodon/mastodon

Description The message event listener in embed.js does not check the origin of postMessage before changing the height of the embedded toots. The vulnerable code allows any origin to postMessage on the browser window and feeds attacker's input id and height to code and now attacker is able to...

Prototype Pollution in mastodon/mastodon

Description Javascript is "prototype" language which means when a new "object" is created, it carries the predefined properties and methods of an "object" with itself like toString, constructor etc. By using prototype-pollution vulnerability, an attacker can overwrite/create the property of that...

SUSE-SU-2022:0137-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT bsc1194547. - CVE-2022-22737: Fixed race condition when playing audio files bsc1194547. - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur bsc1194547. - CVE-2022-22739:...

SUSE-SU-2022:0136-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT bsc1194547. - CVE-2022-22737: Fixed race condition when playing audio files bsc1194547. - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur bsc1194547. - CVE-2022-22739:...

OPENSUSE-SU-2022:0136-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT bsc1194547. - CVE-2022-22737: Fixed race condition when playing audio files bsc1194547. - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur bsc1194547. - CVE-2022-22739:...

The vulnerability in the isolated iframe of the Thunderbird email client, as well as browsers Firefox and Firefox ESR, allows an attacker to exploit incorrect restrictions on the visible layers or frames of the user interface.

The vulnerability in the isolated iframe of the Thunderbird email client, as well as browsers Firefox and Firefox ESR, is related to an incorrect limitation on the visible layers or frames of the user interface. This issue arises due to a mistake in navigation within the iframe when requesting...

The vulnerability in the isolated iframe environment of Thunderbird email clients, as well as Firefox and Firefox ESR browsers, allows an attacker to bypass the isolated JavaScript iframe environment and execute arbitrary JavaScript code in a random window.

The vulnerability in the isolated iframe environment of Thunderbird email clients, as well as Firefox and Firefox ESR browsers, relates to exploiting security restrictions during the execution of XSLT transformations using iframe-based environments. Exploiting this vulnerability allows an attacke...

Security fix for the ALT Linux 10 package firefox-esr version 91.5.0-alt1

91.5.0-alt1 built Jan. 19, 2022 Andrey Cherepanov in task 293339 Jan. 11, 2022 Andrey Cherepanov - New ESR version. - Security fixes: + CVE-2022-22746 Calling into reportValidity could have lead to fullscreen window spoof + CVE-2022-22743 Browser window spoof using fullscreen mode + CVE-2022-2274...