CVE-2019-1975 Cisco HyperFlex Software Cross-Frame Scripting Vulnerability
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...
Cisco HyperFlex Software Cross-Frame Scripting Vulnerability
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...
Cross site scripting
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature...
CVE-2019-16193
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature...
CVE-2019-16193
CVE-2019-16193 affects ArcGIS Enterprise 10.6.1. A crafted IFRAME can trigger a Cross Frame Scripting (XFS) attack via the EDIT MY PROFILE feature. Public records (NVD) cite CVSS v2 base 3.5 (LOW) and CVSS v3.1 base 5.4 (MEDIUM); attack vector: NETWORK, user interaction required (CVSS3.1), and pa...
PT-2019-16430 · Google · Google Chrome
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 77.0.3865.75 Description: The issue is related to an inappropriate implementation in iframe, allowing a remote attacker to potentially perform a sandbox escape via a crafted HTML page. The severity of this issu...
CVE-2019-15499
CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL...
Cross site scripting
CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL...
CVE-2019-15499
CVE-2019-15499 affects CodiMD 1.3.1. In Safari, an XSS can be triggered via an IFRAME element with allow-top-navigation in the sandbox attribute when used with a data: URL. Multiple sources (NVD, Red Hat advisory, OSV, CVE lists) corroborate this description. No explicit patch/version remediation...
McAfee Web Gateway Input Validation Error Vulnerability
McAfee Web Gateway (MWG) is a security gateway product from McAfee USA. The product provides threat protection, application control, and data loss prevention. An input validation error vulnerability exists in the administrator web console in McAfee MWG versions 7.8.2.x prior to 7.8.2.12, which can ...
CVE-2019-15062
An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element containing a user/card.php CSRF request in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. The protection mechanism for CSRF is to check the Referer...
UBUNTU-CVE-2019-15062
An issue was discovered in Dolibarr 11.0.0-alpha. A user can store an IFRAME element containing a user/card.php CSRF request in his Linked Files settings page. When visited by the admin, this could completely take over the admin account. The protection mechanism for CSRF is to check the Referer...
CVE-2019-15053
The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element...
CVE-2019-3635
Exfiltration of Data in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows attackers to obtain sensitive data via crafting a complex webpage that will trigger the Web Gateway to block the user accessing an iframe...
Design/Logic Flaw
The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element...