5123 matches found
CVE-2021-23957
Navigations through the Android-specific intent URL scheme could have been misused to escape iframe sandbox. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox 85...
CVE-2021-23957
CVE-2021-23957 : Firefox for Android was vulnerable to navigation via Android-specific intent URL schemes that could be misused to escape the iframe sandbox, potentially bypassing sandbox protections. The advisory indicates this affected Firefox versions prior to 85 and is limited to Android; oth...
CVE-2021-26540
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when "allowIframeRelativeUrls" is set to true, which allows attackers to bypass the hostname whitelist for the iframe element, related to using an src value that starts...
Unspecified Vulnerability in Mozilla Firefox (CNVD-2021-14410)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability previously existed in Mozilla Firefox versions prior to 85. An attacker could exploit the vulnerability iframe sandboxing...
EulerOS 2.0 SP2 : doxygen (EulerOS-SA-2021-1289)
According to the version of the doxygen package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe...
Huawei EulerOS: Security Advisory for doxygen (EulerOS-SA-2021-1289)
The remote host is missing an update for the Huawei EulerOS...
The vulnerability of the isolated iframe in the Google Chrome web browser allows a perpetrator to circumvent existing security restrictions.
The vulnerability in the isolated environment of the iframe in the Google Chrome web browser is related to an incorrect limitation on the visible layers of the user interface. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...
CVE-2021-27375
Traefik before 2.4.5 allows the loading of IFRAME elements from other domains...
Design/Logic Flaw
Traefik before 2.4.5 allows the loading of IFRAME elements from other domains...
CVE-2021-27375
Traefik (software) is affected by CVE-2021-27375. The issue arises in versions prior to 2.4.5 and allows loading of IFRAME elements from other domains. The impact is that an attacker could potentially load cross-domain content via IFRAMEs due to this vulnerability. The public record notes a fix i...
Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites
A malvertising group known as "ScamClub" exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent gift card scam websites. The attacks, first spotted by ad security firm Confiant in late June 2020, leveraged a bug (CVE-2021-1801)...
Containous Traefik Security Vulnerability
Containous Traefik is a reverse proxy and load balancer from Containous USA. A security vulnerability exists in Containous Traefik. The vulnerability stems from the software allowing IFRAME elements to be loaded from other domains. The following products and versions are affected: Containous Traefik 2.4.3...
CVE-2021-21139
Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
DEBIAN-CVE-2021-21139
Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...