5123 matches found
Fedora 33 : webkit2gtk3 (2021-864dc37032)
The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-864dc37032 advisory. - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadO...
Stripo Inc: Bypassing Content-Security-Policy leads to open-redirect and iframe xss
Summary: https://my.stripo.email/cabinet//template-editor/..... has the ff: code to make iframes more secure: html pointing to other domains won't work but, the whitelist in frame-src data has listed .firebaseapp.com, a free hosting domain, leading to iframe abuse and redirects Steps To Reproduce...
MDaemon Webmail IFRAME Injection Vulnerability
MDaemon Webmail is a server-side application for providing mail services from MDaemon, Inc. in the United States. An IFRAME injection vulnerability exists in MDaemon Webmail versions prior to 20.0.4, which can be exploited by an attacker to perform any action with the privileges of the attacked...
CVE-2021-27182
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail aka WorldClient. It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user...
Design/Logic Flaw
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail aka WorldClient. It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user...
CVE-2021-27182
CVE-2021-27182 describes an IFRAME injection vulnerability in MDaemon Webmail (WorldClient) prior to version 20.0.4. The issue can be triggered via an email message and allows an attacker to execute actions with the privileges of the affected user, highlighting a client-side/iframe-based trust bo...
MDaemon Webmail Injection Vulnerability
MDaemon Webmail is a server-side application for providing mail services from MDaemon, Inc. in the United States. An IFRAME injection vulnerability exists in MDaemon Webmail versions prior to 20.0.4, which can be exploited by an attacker to perform any action with the privileges of the attacked...
CVE-2021-1801
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy...
DEBIAN-CVE-2021-1801
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy...
Code injection
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy...
DEBIAN-CVE-2021-1765
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy...
CVE-2021-1765
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy...
Code injection
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy...
CVE-2021-1801
CVE-2021-1801 affects WebKitGTK (and WPE WebKit) versions before 2.30.6. The issue allows maliciously crafted web content to violate iframe sandboxing policy, effectively a sandbox/iframe policy relaxation risk. Public advisories (Arch Linux ASA-202103-24 and Debian security notices) describe this as...