
5118 matches found

Cvelist
added 2017/10/27 5:0 a.m., 21 views

CVE-2017-5107

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...

5.8 AI score, 0.01652 EPSS
Exploits 0, References 6

Openbugbounty
added 2017/10/27 3:53 a.m., 15 views

mln.com.au IFRAME Injection vulnerability

Open Bug Bounty ID: OBB-370895 Description| Value ---|--- Affected Website:| mln.com.au Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...

6.4 AI score
Exploits 0

Prion
added 2017/10/19 9:29 p.m., 11 views

Design/Logic Flaw

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element...

4.3 CVSS, 7 AI score, 0.01446 EPSS
Exploits 1, References 6, Affected Software 1

OSV
added 2017/10/19 9:29 p.m., 2 views

UBUNTU-CVE-2012-4379

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element...

6.5 CVSS, 6.8 AI score, 0.01446 EPSS
Exploits 1, References 3

OSV
added 2017/10/19 9:29 p.m., 2 views

DEBIAN-CVE-2012-4379

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element...

6.5 CVSS, 7 AI score, 0.01446 EPSS
Exploits 1, References 1

Cvelist
added 2017/10/19 9:0 p.m., 17 views

CVE-2012-4379

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element...

6.9 AI score, 0.01446 EPSS
Exploits 1, References 6

Debian CVE
added 2017/10/19 9:0 p.m., 20 views

CVE-2012-4379

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element...

6.5 CVSS, 6.6 AI score, 0.01446 EPSS
Exploits 1

Openbugbounty
added 2017/10/17 7:10 a.m., 18 views

adels-archiv.com IFRAME Injection vulnerability

Vulnerable URL: http://www.adels-archiv.com/shop/showcatrows.php?CategoryID=2=5%27%3E%3Ciframe%20src=%22http://openbugbounty.org%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E Details: Description| Value ---|--- Patched:| Yes, at 23.11.2017 Latest check for patch:| 23.11.2017 21:02 GMT...

7.3 AI score
Exploits 0

Openbugbounty
added 2017/10/17 7:6 a.m., 18 views

sh-printing.com.tw IFRAME Injection vulnerability

Vulnerable URL: http://sh-printing.com.tw/single.php?id=17%27%3E%3Ciframe%20src=%22http://openbugbounty.org%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 20:53 GMT Vulnerability type:|...

7.3 AI score
Exploits 0

Openbugbounty
added 2017/10/17 7:4 a.m., 13 views

u-hope.net IFRAME Injection vulnerability

Vulnerable URL: http://www.u-hope.net/productsindex.php?id=-14%27%3E%3Ciframe%20src=%22http://openbugbounty.org%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly...

7.3 AI score
Exploits 0

Openbugbounty
added 2017/10/16 6:30 p.m., 15 views

apepet.hk IFRAME Injection vulnerability

Vulnerable URL: http://www.apepet.hk/url.php?lang=en=https://www.openbugbounty.org\n Details: Description| Value ---|--- Patched:| No Latest check for patch:| 15.01.2018 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 1214558 VIP website status:| No...

7.3 AI score
Exploits 0

Openbugbounty
added 2017/10/11 1:32 p.m., 20 views

ecssr.ac.ae IFRAME Injection vulnerability

Vulnerable URL: http://www.ecssr.ac.ae/CDA/Others/openExtLink/?link=http://www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 09.01.2018 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 1660307 VIP website...

7.3 AI score
Exploits 0

CNVD
added 2017/10/10 12:0 a.m., 2 views

Baidu UEditor Cross-Site Scripting Vulnerability

Baidu UEditor is an open source HTML editor from the Chinese company Baidu. A cross-site scripting vulnerability exists in Baidu UEditor version 1.4.3.3. A remote attacker can leverage the SRC attribute of the IFRAME element to inject arbitrary web script or HTML...

6.1 CVSS, 6 AI score, 0.00635 EPSS
Exploits 0, References 1

Openbugbounty
added 2017/10/06 7:21 a.m., 14 views

adu.ch XSS vulnerability

Vulnerable URL: https://www.adu.ch/QTVR/iframe.php?fz=970%22%3E%3C/script%3E%3Cscript%3Ealert%22OPENBUGBOUNTY%22;%3C/script%3E%20%3C!-- Details: Description| Value ---|--- Patched:| No Latest check for patch:| 04.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Ran...

6.3 AI score
Exploits 0

Exploit DB
added 2017/10/03 12:0 a.m., 44 views

Webkit (Chrome < 61) - 'MHTML' Universal Cross-site Scripting

MIME-Version: 1.0 Content-Type: multipart/related; type="text/html"; boundary="----MultipartBoundary--" CVE-2017-5124 ------MultipartBoundary-- Content-Type: application/xml; ------MultipartBoundary-- Content-Type: text/html Content-Location: https://google.com alert'Location origin:...

6.1 CVSS, 7.5 AI score, 0.05245 EPSS
Exploits 5

UbuntuCve
added 2017/10/02 12:0 a.m., 22 views

CVE-2017-7815

On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through JavaScript that will have an arbitrary domain as the dialog's location, spoofing the origin of the modal dialog from the user's view. Note: This attack only affects installations with e10 multiproce...

5.3 CVSS, 6.9 AI score, 0.01161 EPSS
Exploits 1, References 3

OSV
added 2017/10/02 12:0 a.m., 0 views

UBUNTU-CVE-2017-7815

On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through JavaScript that will have an arbitrary domain as the dialog's location, spoofing the origin of the modal dialog from the user's view. Note: This attack only affects installations with e10 multiproce...

5.3 CVSS, 7 AI score, 0.01161 EPSS
Exploits 1, References 4

Mozilla
added 2017/09/28 12:0 a.m., 537 views

Security vulnerabilities fixed in Firefox 56 — Mozilla

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake addre...

9.8 CVSS, 10 AI score, 0.03641 EPSS
Exploits 4, References 19, Affected Software 1

Openbugbounty
added 2017/09/26 8:39 p.m., 16 views

cl.angel.wwx.tw IFRAME Injection vulnerability

Vulnerable URL: http://cl.angel.wwx.tw/debug/frm-s/openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.12.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No...

7.3 AI score
Exploits 0

Openbugbounty
added 2017/09/26 11:35 a.m., 8 views

belediyehaberleri.com IFRAME Injection vulnerability

Open Bug Bounty ID: OBB-314778 Description| Value ---|--- Affected Website:| belediyehaberleri.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...

6.7 AI score
Exploits 0