5123 matches found
Mozilla Firefox ESR < 78.7
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-04 advisory. - Mozilla developers Alexis Beingessner, Christian Holler, Andrew McCreight, Tyson Smith, Jon Coppeard, And...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:0166-1 Rating: important References: 1181137 Cross-References: CVE-2020-16044 CVE-2021-21117 CVE-2021-21118 CVE-2021-21119 CVE-2021-21120 CVE-2021-21121 CVE-2021-21122 CVE-2021-21123 CVE-2021-21124...
Sandbox Restrictions Bypass
chromium is vulnerable to arbitrary code execution. An inappropriate implementation flaw in the iframe sandbox component allows an attacker to bypass sandbox restrictions...
Chromium CVE-2021-21139: Inappropriate implementation in iframe sandbox
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2020-27735
Wing FTP 6.4.4 web interface is vulnerable to a Cross‑Site Scripting (XSS) flaw. An arbitrary IFRAME can be injected into help pages via a crafted link, causing sandboxed HTML/JavaScript to execute in the victim’s browser. Affected component: the web interface of Wing FTP Server 6.4.4. Root cause...
CVE-2020-27735
An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of sandboxed arbitrary HTML and JavaScript in the user's browser...
Google Chrome iframe sandbox improperly implemented vulnerability
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. An improperly implemented iframe sandbox vulnerability exists in versions of Google Chrome prior to 88.0.4324.96. A remote attacker can bypass navigation restrictio...
Google Chrome Security Vulnerability
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. An improperly implemented iframe sandbox vulnerability exists in versions of Google Chrome prior to 88.0.4324.96. A remote attacker can bypass navigation restrictio...
Design/Logic Flaw
When an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the insecure framing. This vulnerability affects Firefox 84...
CVE-2020-26976
When an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the insecure framing. This vulnerability affects Firefox 84...
Umbraco Cross-Site Scripting Vulnerability (CNVD-2020-75634)
Umbraco is an open source content management system (CMS) based on ASP.NET technology. Umbraco 8.9.1 and earlier versions are vulnerable to a stored cross-site scripting vulnerability. An attacker can exploit this vulnerability to inject arbitrary JavaScript code into an iframe when editing content...
Umbraco Cross-Site Scripting Vulnerability
Umbraco is an open source content management system (CMS) based on ASP.NET technology. Umbraco 8.9.1 and earlier versions are vulnerable to a stored cross-site scripting vulnerability. An attacker can exploit this vulnerability to inject arbitrary JavaScript code into an iframe when editing content...
A Google Docs Bug Could Have Allowed Hackers See Your Private Documents
Google has patched a bug in its feedback tool incorporated across its services that could be exploited by an attacker to potentially steal screenshots of sensitive Google Docs documents simply by embedding them in a malicious website. The flaw was discovered on July 9 by security researcher Sreer...
Cross-site Scripting (XSS)
intelliants/subrion is vulnerable to cross-site scripting (XSS). The vulnerability exists through an iframe injection through the page content block in the Add a Page section...
Navigation Restriction Bypass
chromium is vulnerable to Navigation Restriction Bypass. Inappropriate implementation in iframe sandbox in Google Chrome allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
Authorization Bypass
firefox is vulnerable to authorization bypass. When an HTTPS page is embedded in an HTTP page, a service worker registered for the former could have intercepted the request for the secure page despite the iframe not being a secure context due to the insecure framing...
UBUNTU-CVE-2020-26976
When an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the insecure framing. This vulnerability affects Firefox 84...
NewStart CGSL CORE 5.05 / MAIN 5.05 : doxygen Vulnerability (NS-SA-2020-0107)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has doxygen packages installed that are affected by a vulnerability: - Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
NewStart CGSL CORE 5.04 / MAIN 5.04 : doxygen Vulnerability (NS-SA-2020-0073)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has doxygen packages installed that are affected by a vulnerability: - Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
Zabbix 5.0.0 - Stored XSS via URL Widget Iframe
Exploit Title: Zabbix 5.0.0 - Stored XSS via URL Widget Iframe Date: 8/11/2020 Exploit Author: Shwetabh Vishnoi Vendor Homepage: https://www.zabbix.com/ Software Link: https://www.zabbix.com/download Affected Version: Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before...