itapetim.pe.gov.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-668978

Description| Value
---|---
Affected Website:| itapetim.pe.gov.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...

varzea.pb.gov.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-668976

Description| Value
---|---
Affected Website:| varzea.pb.gov.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...

taperoa.pb.gov.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-668975

Description| Value
---|---
Affected Website:| taperoa.pb.gov.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...

olhodagua.pb.gov.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-668974

Description| Value
---|---
Affected Website:| olhodagua.pb.gov.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...

tavares.pb.gov.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-668973

Description| Value
---|---
Affected Website:| tavares.pb.gov.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...

saojosedeespinharas.pb.gov.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-668972

Description| Value
---|---
Affected Website:| saojosedeespinharas.pb.gov.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...

catingueira.pb.gov.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-668971

Description| Value
---|---
Affected Website:| catingueira.pb.gov.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...

condado.pb.gov.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-668970

Description| Value
---|---
Affected Website:| condado.pb.gov.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...

maedagua.pb.gov.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-668944

Description| Value
---|---
Affected Website:| maedagua.pb.gov.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...

cacimbadeareia.pb.gov.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-668909

Description| Value
---|---
Affected Website:| cacimbadeareia.pb.gov.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...

camalau.pb.gov.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-668884

Description| Value
---|---
Affected Website:| camalau.pb.gov.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...

Remote Code Execution (RCE)
Electron is vulnerable to remote code execution (RCE) attacks. When IFRAME elements and the "nativeWindowOpen: true" or "sandbox: true" options are used, an attacker can exploit a webPreferences vulnerability, leading to remote code execution...
Electron webPreferences vulnerability can be used to perform remote code execution
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a webPreferences vulnerability that can be leveraged to perform remote code execution. More information to determine if yo...
Remote code execution
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution...
HackerOne: DOM Based XSS in www.hackerone.com via PostMessage
Summary: The Marketo contact form available on the www.hackerone.com website is affected by a cross-site scripting vulnerability, caused by an insecure 'message' event listener installed on the page. Whilst this could allow an attacker to execute JavaScript in the context of the www.hackerone.com...
statics-server cross-site scripting vulnerability
statics-server is a static file server. A cross-site scripting vulnerability exists in statics-server 0.0.9 and earlier versions. A remote attacker can exploit this vulnerability by injecting an iframe into a file name to execute arbitrary JavaScript code...
look4.be IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-657960

Description| Value
---|---
Affected Website:| look4.be
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...

Design/Logic Flaw
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a use...
CVE-2017-2658
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a use...
PT-2018-7163 · Red Hat · Red Hat JBoss Data Virtualization & Services +1
Name of the Vulnerable Software and Affected Versions:
Red Hat JBoss BPM Suite versions prior to 6.4.2
Red Hat JBoss Data Virtualization & Services versions prior to 6.4.3

Description: A security issue was found in the Dashbuilder login page, which could be opened in an IFRAME. This allowed for t...