5123 matches found

Cvelist
added 2019/08/14 4:5 p.m. · 27 views

CVE-2019-15053

The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element...

AI score: 6.4 · EPSS: 0.0132
Exploits: 2 · References: 2
Positive Technologies
added 2019/08/14 12:0 a.m. · 4 views

PT-2019-13962 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr version 11.0.0-alpha Description: An issue allows a user to store an IFRAME element, containing a user/card.php CSRF request, in their Linked Files settings page. When visited by the admin, this could completely take over the admin...

CVSS: 8 · AI score: 7.5 · EPSS: 0.00615
Exploits: 1 · References: 10
Tenable Nessus
added 2019/08/12 12:0 a.m. · 32 views

NewStart CGSL MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0001)

The remote NewStart CGSL host, running version MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities: - A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting a...

CVSS: 10 · AI score: 7.7 · EPSS: 0.07439
Exploits: 1 · References: 5
Hacker One
added 2019/08/04 9:24 p.m. · 25 views

Valve: [steam client] Opening a specific steam:// url overwrites files at an arbitrary location

If a user opens steam://devkit-1/list-shortcuts?response=/tmp/testfile, a file /tmp/testfile will be created containing the response to this request. Another problem with this is that the file will be overwritten if it already exists. The owner of the file will be the same as the user that runs t...

AI score: 2.4
Exploits: 0
myhack58
added 2019/07/18 12:0 a.m. · 198 views

How I found an XSS vulnerability in the Microsoft Outlook for Android mobile application - vulnerability warning - the black bar safety net

Today's share is about a stored XSS vulnerability in Outlook for Android. The author discovered the vulnerability by chance through a technical e-mail sent by a friend; after months of reproducing and constructing it, Microsoft eventually acknowledged the vulnerability as CVE-2019-1105. Vulnerability...

AI score: 5.5 · EPSS: 0.01817
Exploits: 0
Hacker One
added 2019/07/15 11:36 a.m. · 28 views

Concrete CMS: Unauthenticated reflected XSS in preview_as_user function

An unauthenticated, reflected cross-site-scripting attack is possible due to the unsanitised cID parameter in the previewasuser functionality. Example URL: https://LOCAL-CONCRETE-INSTALL/ccm/system/panels/page/previewasuser/preview?cID=%22%3E%3C/iframe%3E%3Cscript%3Ealert1%3C/script%3E%3C!-- The...

AI score: 6.8
Exploits: 0
Hacker One
added 2019/07/11 4:32 p.m. · 61 views

curl: Insecure Frame (External)

Summary: Insecure Frame External Steps To Reproduce: Vulnerability Details identified an external insecure or misconfigured iframe. Remedy Apply sandboxing in inline frame For untrusted content, avoid the usage of seamless attribute and allow-top-navigation, allow-popups and allow-scripts in...

AI score: 7.3
Exploits: 0
OSV
added 2019/07/01 3:15 p.m. · 4 views

CVE-2019-4237

A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419...

CVSS: 5.4 · AI score: 5.8 · EPSS: 0.00673
Exploits: 0 · References: 2
Prion
added 2019/07/01 3:15 p.m. · 17 views

Cross site scripting

A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419...

CVSS: 3.5 · AI score: 5.1 · EPSS: 0.00673
Exploits: 0 · References: 2 · Affected Software: 3
CVE
added 2019/07/01 3:5 p.m. · 58 views

CVE-2019-4237

CVE-2019-4237 affects IBM InfoSphere Information Server (and Information Governance Catalog; on Cloud) versions 11.3, 11.5, and 11.7. It is a Cross-Frame Scripting vulnerability that can allow loading the vulnerable application inside an HTML iframe on a malicious page. Root cause details are not...

CVSS: 5.4 · AI score: 5.1 · EPSS: 0.00673
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2019/07/01 3:5 p.m. · 19 views

CVE-2019-4237

A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419...

CVSS: 5.4 · AI score: 5.2 · EPSS: 0.00673
Exploits: 0 · References: 2
OSV
added 2019/06/30 2:15 p.m. · 5 views

CVE-2019-13075

Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a...

CVSS: 5.3 · AI score: 6.4
Exploits: 0 · References: 2
NVD
added 2019/06/30 2:15 p.m. · 29 views

CVE-2019-13075

Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a...

CVSS: 5.3 · AI score: 5 · EPSS: 0.01856
Exploits: 1 · References: 2
OSV
added 2019/06/30 2:15 p.m. · 5 views

DEBIAN-CVE-2019-13075

Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a...

CVSS: 5.3 · AI score: 5.6 · EPSS: 0.01856
Exploits: 1 · References: 1
Prion
added 2019/06/30 2:15 p.m. · 16 views

Information disclosure

Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a...

CVSS: 5 · AI score: 5.1 · EPSS: 0.01856
Exploits: 1 · References: 2 · Affected Software: 1
UbuntuCve
added 2019/06/30 2:15 p.m. · 17 views

CVE-2019-13075

Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a...

CVSS: 5.3 · AI score: 6.1 · EPSS: 0.01856
Exploits: 1 · References: 2
Cvelist
added 2019/06/30 1:47 p.m. · 29 views

CVE-2019-13075

Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a...

AI score: 5 · EPSS: 0.01856
Exploits: 1 · References: 2
Debian CVE
added 2019/06/30 1:47 p.m. · 26 views

CVE-2019-13075

Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a...

CVSS: 5.3 · AI score: 5 · EPSS: 0.01856
Exploits: 1
CNVD
added 2019/06/28 12:0 a.m. · 3 views

IBM InfoSphere Information Server Cross-Frame Scripting Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from IBM in the United States. The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server. An attacker could exploit the...

CVSS: 5.4 · AI score: 6.3 · EPSS: 0.00673
Exploits: 0 · References: 1
The Hacker News
added 2019/06/22 8:15 a.m. · 1 views

PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery

As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability CVE-2019-1105 that impacted over 100 million users. However, at that time, very few details of the flaw were available in the...

CVSS: 5.4 · AI score: 6.5 · EPSS: 0.01817
Exploits: 0