5125 matches found
Low: doxygen
Issue Overview: Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection. CVE-2016-10245 Affected Packages: doxygen Issue Correction: Run yum update doxygen or yum update --advisory ALAS-2020-1412 to...
UBUNTU-CVE-2020-15653
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR 78.1, Firefox 79, and...
About the security content of Safari 13.0.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
lemlist: CVE-2019-19935 - DOM based XSS in the froala editor
Summary: A stored XSS flow exist in the froala editor used in the web application. This can be trigger by using the code view of the editor Steps To Reproduce: 1. Start a new campaign 2. fill all the fieds and choose blank email template for the message 3. Switch to code editor view and inject "...
CVE-2020-6526
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
DEBIAN-CVE-2020-6526
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
CVE-2020-6526
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
CVE-2020-6526
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
Design/Logic Flaw
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
UBUNTU-CVE-2020-6526
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
CVE-2020-6526
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
CVE-2020-6526
CVE-2020-6526 affects Google Chrome before 84.0.4147.89. An inappropriate implementation in the iframe sandbox could allow a remote attacker to bypass navigation restrictions via a crafted HTML page. Public references in Debian and FreeBSD advisories align with a fixed version around 84.0.4147.89...
CVE-2020-6526
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
CVE-2020-6526
Inappropriate implementation in iframe sandbox in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
CVE-2019-12773
An issue was discovered in Verint Impact 360 15.1. At wfo/help/helppopup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this produc...
CVE-2019-12773
An issue was discovered in Verint Impact 360 15.1. At wfo/help/helppopup.jsp, the helpURL parameter can be changed to embed arbitrary content inside of an iFrame. Attackers may use this in conjunction with social engineering to embed malicious scripts or phishing pages on a site where this produc...
PT-2021-9173 · Openshift Container Platform · Kibana
Name of the Vulnerable Software and Affected Versions: OpenShift Container Platform's distribution of Kibana affected versions not specified Description: A flaw in OpenShift Container Platform's distribution of Kibana allows it to be opened in an iframe, enabling an attacker to intercept and...
U.S. Dept Of Defense: DOM XSS on https://www.███████
Description DOM XSS can be achieved due to missing sanitation when setting the source of an iframe. POC 1. Visit https://www.████frame.htmljavascript:alertdocument.domain 2. View alert Vulnerable Code javascript function Load str=document.location.hash,idx=str.indexOf'' ifidx=0 str=str.substr1;...
climate.hawaii.gov IFRAME Injection vulnerability OBB-1210714
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
Mail.ru: HTML/iframe/XSS injection on https://www.ucs.ru/online/shelter/settings/check/
Potential XSS via POST parameters in www.ucs.ru...