5118 matches found
CVE-2018-3771
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser...
PT-2018-16189 · Unknown · Statics-Server
Name of the Vulnerable Software and Affected Versions: statics-server versions 0.0.0 through 0.0.9. Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability. It occurs when statics-server displays a directory index in the browser and an attacker injects an iframe in the...
aomss.org.sg IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-649484. Affected Website: aomss.org.sg. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: Iframe Injection / CWE-79. CVSSv3 Score: 6.1...
rj.gov.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-647977. Affected Website: rj.gov.br. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: Iframe Injection / CWE-79. CVSSv3 Score: 6.1...
sp.senac.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-647968. Affected Website: sp.senac.br. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: Iframe Injection / CWE-79. CVSSv3 Score: 6.1...
salutis.com.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-647955. Affected Website: salutis.com.br. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: Iframe Injection / CWE-79. CVSSv3 Score: 6.1...
bravox.com.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-647954. Affected Website: bravox.com.br. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: Iframe Injection / CWE-79. CVSSv3 Score: 6.1...
mercurio.detran.pa.gov.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-645729. Affected Website: mercurio.detran.pa.gov.br. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: Iframe Injection / CWE-79. CVSSv3 Score: 6.1...
www2.detran.pa.gov.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-645728. Affected Website: www2.detran.pa.gov.br. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: Iframe Injection / CWE-79. CVSSv3 Score: 6.1...
Neatly bypassing CSP
How to trick CSP in letting you run whatever you want. By bo0om, Wallarm research. Content Security Policy or CSP is a built-in browser technology which helps protect from attacks such as cross-site scripting (XSS). It lists and describes paths and sources, from which the browser can safely load...
kager.net IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-643635. Affected Website: kager.net. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: Iframe Injection / CWE-79. CVSSv3 Score: 6.1...
Cross-site Scripting (XSS)
buttle is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize filenames, allowing a malicious user to inject and execute arbitrary JavaScript using an iframe tag as a filename...
CoinHive URL Shortener Abused to Secretly Mine Cryptocurrency Using Hacked Sites
Security researchers have been warning about a new malicious campaign that leverages an alternative scheme to mine cryptocurrencies without directly injecting the infamous CoinHive JavaScript into thousands of hacked websites. Coinhive is a popular browser-based service that offers website owners...
Cloudflare: Private API key leakage due to lack of access control
The lack of access control on the https://mobilesdk.cloudflare.com/api/v1/ API allows for a remote attacker to access and steal a logged-in user's private data. This can be done due to the lack of origin protection. An attacker can embed the config URI...
RIG Exploit Kit Delivering Monero Miner Via PROPagate Injection Technique
Introduction: Through FireEye Dynamic Threat Intelligence (DTI), we observed RIG Exploit Kit (EK) delivering a dropper that leverages the PROPagate injection technique to inject code that downloads and executes a Monero miner (similar activity has been reported by Trend Micro). Apart from leveraging a...
bolarusia.kompas.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-637381. Affected Website: bolarusia.kompas.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: Iframe Injection / CWE-79. CVSSv3 Score: 6.1...
sadsong.net IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-636206. Affected Website: sadsong.net. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: Iframe Injection / CWE-79. CVSSv3 Score: 6.1...
Security Bulletin: IBM InfoSphere DataStage is vulnerable to Cross-Frame Scripting issue (CVE-2016-9000)
Summary: IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. Vulnerability Details: CVEID: CVE-2016-9000. DESCRIPTION: IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to Cross-Frame Scripting issue (CVE-2016-5984)
Summary: IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. Vulnerability Details: CVEID: CVE-2016-5984. DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe...
Cisco Unified Communications Manager Input Validation Vulnerability
Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. An input validation vulnerabilit...