movie2.elpn.net IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-1146513. Security Researcher myNickName (helped patch 200 vulnerabilities, received 2 Coordinated Disclosure badges), a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting movie2.elpn.net website and its users. Following...
metatraderdemo.net IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-1146257. Security Researcher myNickName (helped patch 200 vulnerabilities, received 2 Coordinated Disclosure badges), a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting metatraderdemo.net website and its users. Following...
33222.ir IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-1145662. Security Researcher myNickName (helped patch 200 vulnerabilities, received 2 Coordinated Disclosure badges), a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting 33222.ir website and its users. Following coordinate...
55444.ir IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-1145663. Security Researcher myNickName (helped patch 200 vulnerabilities, received 2 Coordinated Disclosure badges), a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting 55444.ir website and its users. Following coordinate...
eunis.eea.europa.eu IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-1145007. Security Researcher MajorInfluenza (helped patch 120 vulnerabilities, received 2 Coordinated Disclosure badges), a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting eunis.eea.europa.eu website and its users...
g2b.go.kr IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-1141539. Security Researcher keritzy (helped patch 2026 vulnerabilities, received 5 Coordinated Disclosure badges, received 4 recommendations), a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting g2b.go.kr website and its...
Denial Of Service (DoS)
Mozilla Thunderbird is vulnerable to denial of service (DoS). A flaw was found in the way Thunderbird handled the HTML iframe tag. An HTML mail message with an iframe tag containing a specially-crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the...
Information Disclosure
seamonkey is vulnerable to information disclosure. The scriptable plugin content allows remote attackers to obtain confidential information via malicious content in an IFRAME element in an HTML email message...
petroleyatirim.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-1136152. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
Information Disclosure
cross-domain-local-storage-separately is vulnerable to information disclosure. The buildMessage function in xdLocalStorage.js allows the wildcard as the targetOrigin when calling the postMessage function on the iframe object, allowing any domains with iframe to accept requests from clients...
CVE-2020-11610
An issue was discovered in xdLocalStorage through 2.0.5. The postData function in xdLocalStoragePostMessageApi.js specifies the wildcard as the targetOrigin when calling the postMessage function on the parent object. Therefore any domain can load the application hosting the "magical iframe" and...
CVE-2020-11611
An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage function in xdLocalStorage.js specifies the wildcard as the targetOrigin when calling the postMessage function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages...
Design/Logic Flaw
An issue was discovered in xdLocalStorage through 2.0.5. The postData function in xdLocalStoragePostMessageApi.js specifies the wildcard as the targetOrigin when calling the postMessage function on the parent object. Therefore any domain can load the application hosting the "magical iframe" and...
Design/Logic Flaw
An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage function in xdLocalStorage.js specifies the wildcard as the targetOrigin when calling the postMessage function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages...
Magecart Hackers Inject iFrame Skimmers in 19 Sites to Steal Payment Data
Cybersecurity researchers today uncovered an ongoing new Magecart skimmer campaign that so far has successfully compromised at least 19 different e-commerce websites to steal payment card details of their customers. According to a report published today and shared with The Hacker News, RiskIQ...
CVE-2020-9784
A logic issue was addressed with improved restrictions. This issue is fixed in Safari 13.1. A malicious iframe may use another website’s download settings...