5118 matches found
inprf-cd.gob.mx IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-432094; Affected Website: inprf-cd.gob.mx; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Remediation Guide: OWASP XSS Prevention Cheat...
archivo.unionpuebla.mx IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-432093; Affected Website: archivo.unionpuebla.mx; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Remediation Guide: OWASP XSS Prevention...
archivo.unionjalisco.mx IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-432091; Affected Website: archivo.unionjalisco.mx; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Remediation Guide: OWASP XSS Prevention...
webist.in IFRAME Injection vulnerability
Vulnerable URL: http://www.webist.in/livedemo.php?url=http://openbugbounty.org; Patched: Yes, at; Vulnerability type: IFRAME Injection; Vulnerability status: Publicly disclosed; Alexa Rank: 3007438; VIP website status: No; Coordinated Disclosure Timeline:...
agenziaastolfiscuola.it IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-429679; Affected Website: agenziaastolfiscuola.it; Vulnerable Application: Custom Code; Vulnerability Type: Iframe Injection / CWE-79; CVSSv3 Score: 6.1...
Adobe Acrobat Pro DC iframe Same Origin Policy Bypass Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Mozilla: Cross-origin URL information leak through Resource Timing API (MFSA 2017-25)
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...
visitpa.com XSS vulnerability
Open Bug Bounty ID: OBB-418110; Affected Website: visitpa.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Remediation Guide: OWASP XSS Prevention Cheat Sheet...
Mozilla Firefox Cross-Origin URL Information Disclosure Vulnerability
Mozilla Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. A cross-origin URL information disclosure vulnerability exists in Mozilla Firefox versions prior to 57.0. The vulnerability arises because the Resource Timing API incorrectly discloses navigati...
m.tongcoupon.kr IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-413709; Affected Website: m.tongcoupon.kr; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Remediation Guide: OWASP XSS Prevention Cheat...
escandinxavo.tk IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-413486; Affected Website: escandinxavo.tk; Vulnerable Application: Custom Code; Vulnerability Type: Iframe Injection / CWE-79; CVSSv3 Score: 6.1...
portal.scan-ict.nl IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-401804; Affected Website: portal.scan-ict.nl; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Remediation Guide: OWASP XSS Prevention Chea...
bio.agriconnect.nl IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-401778; Affected Website: bio.agriconnect.nl; Vulnerable Application: Custom Code; Vulnerability Type: Iframe Injection / CWE-79; CVSSv3 Score: 6.1...
agrarischwaterbeheer.nl IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-401762; Affected Website: agrarischwaterbeheer.nl; Vulnerable Application: Custom Code; Vulnerability Type: Iframe Injection / CWE-79; CVSSv3 Score: 6.1...
Khan Academy: Frameset (Frame) HTML tag is allowed in HTML editor (can lead to clickjacking)
Hello Sir/Ma'am, I was using the HTML editor in the computer programming section, which allowed me to design a webpage. When I use the iframe tag, object tag and embed tag, it shows me the message that these tags are not allowed for security reasons, maybe because of a clickjacking attack or something, but...
openoffice.us.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-379613; Affected Website: openoffice.us.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Remediation Guide: OWASP XSS Prevention Cheat...
CVE-2017-5107
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...
Input validation
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...
UBUNTU-CVE-2017-5107
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...
CVE-2017-5107
The CVE-2017-5107 entry describes a timing-based information disclosure in Google Chrome's SVG rendering prior to 60.0.3112.78, enabling a remote attacker to extract pixel values from a cross-origin page loaded in an iframe on Linux/Windows/macOS. The connected sources corroborate Chrome/Chromium...