
5123 matches found

CVE
added 2019/05/19 7:0 p.m., 42 views

CVE-2019-12184

CVE-2019-12184 affects BoostIO Boostnote 0.11.15. The vulnerability is an XSS in browser/components/MarkdownPreview.js triggered via a label named flowchart, sequence, gallery, or chart, demonstrated by a crafted SRC attribute of an IFRAME element. The connected Red Hat CVE-2019-12184 entry mirro...

CVSS 5.4, AI score 5.1, EPSS 0.00679
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2019/05/16 3:29 p.m., 4 views

CVE-2019-11033

Applaud HCM 4.0.42+ uses HTML tag fields for HTML inputs in a form. This leads to an XSS vulnerability with a payload starting with the substring...

CVSS 6.1, AI score 6.3, EPSS 0.00654
Exploits: 0, References: 2

Prion
added 2019/05/16 3:29 a.m., 14 views

Cross site scripting

There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element...

CVSS 3.5, AI score 5.1, EPSS 0.00619
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2019/05/16 3:29 a.m., 24 views

CVE-2019-12136

There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element...

CVSS 5.4, AI score 5.1, EPSS 0.00619
Exploits: 1, References: 1

OSV
added 2019/05/16 3:29 a.m., 14 views

CVE-2019-12136

There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element...

CVSS 5.4, AI score 5.2
Exploits: 0, References: 1

CVE
added 2019/05/16 2:55 a.m., 43 views

CVE-2019-12136

BoostIO Boostnote 0.11.15 is affected by CVE-2019-12136. The vulnerability is an XSS in the UI when processing a label named mermaid, exploitable via a crafted SRC attribute of an IFRAME element. The issue originates from Boostnote’s rendering path for this label, enabling injection of malicious ...

CVSS 5.4, AI score 5.1, EPSS 0.00619
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2019/05/16 2:55 a.m., 22 views

CVE-2019-12136

There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element...

AI score 5.2, EPSS 0.00619
Exploits: 1, References: 1

Veracode
added 2019/05/02 6:45 a.m., 22 views

Arbitrary Code Execution

Firefox, Firefox ESR and Thunderbird are vulnerable to arbitrary code execution attacks. A remote unauthenticated attacker could exploit the vulnerable URI Handler component by spoofing the origin of a modal alert via iframe content and the 'data:' protocol leading to potential code execution...

CVSS 5.3, AI score 8, EPSS 0.01837
Exploits: 1, References: 13, Affected Software: 4

Veracode
added 2019/05/02 6:45 a.m., 18 views

Information Disclosure

Firefox, Firefox ESR and Thunderbird are vulnerable to information disclosure. A remote unauthenticated attacker could exploit the vulnerable IFRAME Handler component to bypass same-origin policy protections on pages with embedded iframes during page reloads and access content on the top level pa...

CVSS 7.5, AI score 8.2, EPSS 0.02376
Exploits: 1, References: 13, Affected Software: 2

Veracode
added 2019/05/02 5:46 a.m., 22 views

Cross-site Scripting (XSS)

Mozilla Firefox is vulnerable to cross-site scripting (XSS) attacks. JavaScript event handler attributes on a tag will execute inside a sandboxed iframe that does not have the allow-scripts flag set...

CVSS 6.1, AI score 7.2, EPSS 0.01476
Exploits: 0, References: 14, Affected Software: 1

Tenable Nessus
added 2019/05/02 12:0 a.m., 13 views

Fedora 30 : glpi (2019-e50f92e4c1)

Version 9.4.1.1 Non exhaustive list of changes : - security Bad chevrons rendering on dropdowns 5468 - security Iframe and forms are rendered in rich text contents 5519 - security Type juggling authentication bypass 5520 - security Malicious images upload 5580 - security Password token date was n...

AI score 5.5
Exploits: 0, References: 3

Hacker One
added 2019/04/08 12:34 a.m., 9 views

Vanilla: Hidden Stored XSS in nested post embeds

Summary: Comments can be crafted in a way that when quoted will trigger a hidden stored XSS payload. Requires initial user interaction. Description: When quoting a comment, an attacker can edit the insert embed-external data url field to contain a string which when parsed, can result in the...

AI score 0.6
Exploits: 0

Tenable Nessus
added 2019/04/08 12:0 a.m., 11 views

Fedora 29 : glpi (2019-a66789a334)

Add security fix backported from 9.4 : - security Bad chevrons rendering on dropdowns 5468 - security Iframe and forms are rendered in rich text contents 5519 - security Type juggling authentication bypass 5520 - security Malicious images upload 5580 - security Password token date was not reset...

AI score 5.5
Exploits: 0, References: 1

OSV
added 2019/04/03 6:29 p.m., 1 views

DEBIAN-CVE-2018-4319

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...

CVSS 8.1, AI score 8.3, EPSS 0.01075
Exploits: 0, References: 1

OSV
added 2019/04/03 6:29 p.m., 8 views

CVE-2018-4319

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...

CVSS 8.1, AI score 7.8
Exploits: 0, References: 5

Prion
added 2019/04/03 6:29 p.m., 17 views

Cross site scripting

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...

CVSS 5.8, AI score 7.2, EPSS 0.01075
Exploits: 0, References: 5, Affected Software: 4

Cvelist
added 2019/04/03 5:43 p.m., 21 views

CVE-2018-4319

A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...

AI score 7.8, EPSS 0.01075
Exploits: 0, References: 5

CVE
added 2019/04/03 5:43 p.m., 151 views

CVE-2018-4319

CVE-2018-4319 describes a cross-origin issue in iframe handling resolved by improved tracking of security origins in WebKit-based components. Affected products include Safari/WebKit on iOS before iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, and iCloud for Windows 7.7. Apple security pag...

CVSS 8.1, AI score 7.4, EPSS 0.01075
Exploits: 0, References: 5, Affected Software: 4

OSV
added 2019/03/21 4:0 p.m., 2 views

CVE-2018-16519

COYO 9.0.8, 10.0.11 and 12.0.4 has cross-site scripting (XSS) via URLs used by "iFrame" widgets...

CVSS 6.1, AI score 5.7, EPSS 0.01875
Exploits: 2, References: 4

NVD
added 2019/03/21 4:0 p.m., 17 views

CVE-2018-16519

COYO 9.0.8, 10.0.11 and 12.0.4 has cross-site scripting (XSS) via URLs used by "iFrame" widgets...

CVSS 6.1, AI score 6.1, EPSS 0.01875
Exploits: 2, References: 4