5124 matches found
CVE-2021-38017
CVE-2021-38017 affects Chromium/Google Chrome’s iframe sandbox. Before version 96.0.4664.45, insufficient policy enforcement in the iframe sandbox allowed a remote attacker to bypass navigation restrictions via a crafted HTML page (sandbox escape). The issue is documented across multiple advisori...
CVE-2021-38017
Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
The vulnerability in the isolated iframe environment of Google Chrome allows a perpetrator to bypass security restrictions and gain unauthorized access to protected information.
The vulnerability in the isolated iframe environment of Google Chrome relates to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to protected information through a specially created web page...
inprf-cd.gob.mx IFRAME Injection vulnerability OBB-2305769
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2021-45092
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter...
Design/Logic Flaw
Thinfinity VirtualUI before 3.0 has functionality in /lab.html reachable by default that could allow IFRAME injection via the vpath parameter...
CVE-2021-45092
CVE-2021-45092 affects Thinfinity VirtualUI prior to 3.0. Affected component: the /lab.html endpoint (reachable by default), where the vpath parameter can be used to inject an IFRAME. Under the described conditions, exploitation could lead to iframing external sites, with potential impact depend...
CVE-2021-43817
Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts insid...
Collabora Online Cross-Site Scripting Vulnerability
Collabora Online is an application from Collabora: a powerful LibreOffice-based online office that supports all major document, spreadsheet and presentation file formats. Collabora Online suffers from a cross-site scripting vulnerability that stems from a lack of escaping and filtering of...
GHSA-C6C4-JMQX-3R33 Open Redirect in xdLocalStorage
An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage function in xdLocalStorage.js specifies the wildcard as the targetOrigin when calling the postMessage function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages...
Open Redirect in xdLocalStorage
An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage function in xdLocalStorage.js specifies the wildcard as the targetOrigin when calling the postMessage function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages...
CVE-2021-38503
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
DEBIAN-CVE-2021-38503
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
Design/Logic Flaw
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
CVE-2021-38503
The CVE-2021-38503 issue: the iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. Affected products include Firefox (versions before 94), Thunderbird (before 91.3), and Firefox ...