5123 matches found
UBUNTU-CVE-2020-4054
In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized...
comune.ragusa.gov.it IFRAME Injection vulnerability OBB-1196509
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Shopify: xss on polaris.shopify.com/demo using postMessage
Description: It's possible to run arbitrary JS code using https://polaris.shopify.com/demo + postMessage. The following code is from this file, which was formatted using prettier. Demo component: line 381 uses addEventListener to listen for message events. Line 401: js componentDidMount...
andertons.co.uk IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-1165857. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
galeria.de IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-1165296. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
carteracura.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-1161917. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
CVE-2020-10743
It was discovered that OpenShift Container Platform's OCP distribution of Kibana could open in an iframe, which made it possible to intercept and manipulate requests. This flaw allows an attacker to trick a user into performing arbitrary actions in OCP's distribution of Kibana, such as...
WordPress iframe Plugin < 4.5 XSS Vulnerability
The WordPress plugin ... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.113687");...
WordPress iframe cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. iframe is an inline frame used to embed another document into the current HTML document. A security vulnerability exists in WordPress...
CVE-2020-12696
The iframe plugin before 4.5 for WordPress does not sanitize a URL...
Design/Logic Flaw
The iframe plugin before 4.5 for WordPress does not sanitize a URL...
CVE-2020-12696
CVE-2020-12696 affects the WordPress iframe plugin (versions before 4.5). The issue is that the plugin does not sanitize user-supplied URLs in the iframe, enabling a potential cross-site scripting (XSS) vector. Multiple sources cite this as an authenticated stored XSS vulnerability, with remediat...
WordPress iframe plugin <= 4.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Guilherme Rubert in WordPress iframe plugin versions <= 4.4. Solution: Update the WordPress iframe plugin to the latest available version (at least 4.5)...
Iframe < 4.5 - Authenticated Stored Cross Site Scripting (XSS)
The iframe plugin before 4.5 does not sanitize a URL. [iframe src="javascript:alert(document.cookie)" width="100%" height="500"]...
Iframe < 4.5 - Authenticated Stored Cross Site Scripting (XSS)
The iframe plugin before 4.5 does not sanitize a URL. PoC: [iframe src="javascript:alert(document.cookie)" width="100%" height="500"]...
priceelf.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-1155528. Security Researcher ELProfesor (helped patch 2814 vulnerabilities; received 8 Coordinated Disclosure badges; received 107 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting priceelf.com website a...
informatief.financieeldossier.nl IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-1152215. Security Researcher nullsc (helped patch 3 vulnerabilities; received 0 Coordinated Disclosure badges; received 1 recommendations) found a security vulnerability affecting informatief.financieeldossier.nl website and its users. Following coordinated and responsible...
movie2.elpn.net IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-1146513. Security Researcher myNickName (helped patch 200 vulnerabilities; received 2 Coordinated Disclosure badges), a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting movie2.elpn.net website and its users. Following...