Lucene search
K

5125 matches found

Amazon
Amazon
added 2020/07/29 12:0 a.m.40 views

Low: doxygen

Issue Overview: Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection. CVE-2016-10245 Affected Packages: doxygen Issue Correction: Run yum update doxygen or yum update --advisory ALAS-2020-1412 to...

6.1CVSS6.5AI score0.01823EPSS
Exploits0
OSV
OSV
added 2020/07/29 12:0 a.m.3 views

UBUNTU-CVE-2020-15653

An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR 78.1, Firefox 79, and...

6.5CVSS7.4AI score0.01209EPSS
Exploits0References5
Apple
Apple
added 2020/07/28 5:32 a.m.58 views

About the security content of Safari 13.0.1 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...

8.8CVSS0.5AI score0.06927EPSS
Exploits2Affected Software3
Hacker One
Hacker One
added 2020/07/23 2:13 p.m.174 views

lemlist: CVE-2019-19935 - DOM based XSS in the froala editor

Summary: A stored XSS flow exist in the froala editor used in the web application. This can be trigger by using the code view of the editor Steps To Reproduce: 1. Start a new campaign 2. fill all the fieds and choose blank email template for the message 3. Switch to code editor view and inject "...

4.3CVSS6AI score0.01847EPSS
Exploits3
NVD
NVD
added 2020/07/22 5:15 p.m.11 views

CVE-2020-6526

Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

6.5CVSS6.8AI score0.01709EPSS
Exploits0References11
OSV
OSV
added 2020/07/22 5:15 p.m.3 views

DEBIAN-CVE-2020-6526

Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

6.5CVSS7.1AI score0.01709EPSS
Exploits0References1
OSV
OSV
added 2020/07/22 5:15 p.m.8 views

CVE-2020-6526

Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

6.5CVSS8.7AI score
Exploits0References11
UbuntuCve
UbuntuCve
added 2020/07/22 5:15 p.m.17 views

CVE-2020-6526

Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

6.5CVSS6.9AI score0.01709EPSS
Exploits0References1
Prion
Prion
added 2020/07/22 5:15 p.m.17 views

Design/Logic Flaw

Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

4.3CVSS6.7AI score0.01709EPSS
Exploits0References11Affected Software5
OSV
OSV
added 2020/07/22 5:15 p.m.3 views

UBUNTU-CVE-2020-6526

Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

6.5CVSS6.6AI score0.01709EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/07/22 4:16 p.m.17 views

CVE-2020-6526

Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

6.9AI score0.01709EPSS
Exploits0References11
CVE
CVE
added 2020/07/22 4:16 p.m.300 views

CVE-2020-6526

CVE-2020-6526 affects Google Chrome before 84.0.4147.89. An inappropriate implementation in the iframe sandbox could allow a remote attacker to bypass navigation restrictions via a crafted HTML page. Public references in Debian and FreeBSD advisories align with a fixed version around 84.0.4147.89...

6.5CVSS6.7AI score0.01709EPSS
Exploits0References11Affected Software1
Debian CVE
Debian CVE
added 2020/07/22 4:16 p.m.22 views

CVE-2020-6526

Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

6.5CVSS7.4AI score0.01709EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2020/07/15 5:8 p.m.16 views

CVE-2020-6526

Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...

4.3CVSS3.5AI score0.01709EPSS
Exploits0References4
OSV
OSV
added 2020/07/14 8:15 p.m.3 views

CVE-2019-12773

An issue was discovered in Verint Impact 360 15.1. At wfo/help/helppopup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this produc...

6.1CVSS6AI score0.00843EPSS
Exploits1References2
Cvelist
Cvelist
added 2020/07/14 7:27 p.m.27 views

CVE-2019-12773

An issue was discovered in Verint Impact 360 15.1. At wfo/help/helppopup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this produc...

6.2AI score0.00843EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2020/07/14 12:0 a.m.5 views

PT-2021-9173 · Openshift Container Platform · Kibana

Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform's distribution of Kibana affected versions not specified Description: A flaw in OpenShift Container Platform's distribution of Kibana allows it to be opened in an iframe, enabling an attacker to intercept and...

9.8CVSS7.5AI score0.99856EPSS
Exploits37References168
Hacker One
Hacker One
added 2020/07/13 12:9 p.m.15 views

U.S. Dept Of Defense: DOM XSS on https://www.███████

Description DOM XSS can be achieved due to missing sanitation when setting the source of an iframe. POC 1. Visit https://www.████frame.htmljavascript:alertdocument.domain 2. View alert Vulnerable Code javascript function Load str=document.location.hash,idx=str.indexOf'' ifidx=0 str=str.substr1;...

1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/06/29 11:13 a.m.5 views

climate.hawaii.gov IFRAME Injection vulnerability OBB-1210714

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploits0
Hacker One
Hacker One
added 2020/06/25 12:38 p.m.99 views

Mail.ru: HTML/iframe/XSS injection on https://www.ucs.ru/online/shelter/settings/check/

Potential XSS via POST parameters in www.ucs.ru...

3AI score
Exploits0
Rows per page
Query Builder