5118 matches found
CVE-2017-14744
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element...
CVE-2017-14744
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element...
CVE-2017-14744
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element...
CVE-2017-14744
UEditor 1.4.3.3 is vulnerable to cross-site scripting via the SRC attribute of an IFRAME element. The issue is documented across multiple sources (NVD, CNVD, Red Hat, CVE lists) and is consistently described as an XSS in Baidu/UEditor, with no explicit remediation or patch version provided in the...
blogsmexico.mx IFRAME Injection vulnerability
Vulnerable URL: https://blogsmexico.mx/blog/dulcecandy-com/post/iframe?url=https://openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.12.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 9579381 VIP website...
library.dha.gov.ae IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-311638 Description| Value ---|--- Affected Website:| library.dha.gov.ae Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
ny100.cn IFRAME Injection vulnerability
Vulnerable URL: http://www.ny100.cn/url/index.asp?url=https://openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 23.12.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website...
outlink.pryc.eu IFRAME Injection vulnerability
Vulnerable URL: https://outlink.pryc.eu/webinsider/?url=openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 23.12.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| ...
privatelink.de IFRAME Injection vulnerability
Vulnerable URL: http://privatelink.de/forward/?https%3A%2F%2Fopenbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 23.12.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 30692 VIP website status:| Yes Coordinate...
unmig.sviluppoeconomico.gov.it IFRAME Injection vulnerability
Vulnerable URL: http://unmig.sviluppoeconomico.gov.it/dgsaie/ambiti/rqnome.asp?stringa=%3Ciframe%20src=https://www.openbugbounty.org%20%3C Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / No...
Legal Robot: Clickjacking in Legalrobot app
Dear Team, POC Please find attached screenshots Steps to reproduce: create index.html file with following content: Open index.html in browser Actual result: Legalrobot email verification page is viewed in iframe. Remediation: Frame busting technique is the better framing protection technique...
abe.cl IFRAME Injection vulnerability
Vulnerable URL: http://www.abe.cl/ver.php?url=http://openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 18.12.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 8725552 VIP website status:| No Coordinated...
Mozilla: Same-origin policy bypass with iframes through page reloads (MFSA 2017-19)
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
Mozilla: Spoofing following page navigation with data: protocol and modal alerts (MFSA 2017-19)
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox ...
WebClientPrint Processor 2.0.15.109 Updates Remote Code Execution Vulnerability
RedTeam Pentesting discovered that rogue updates trigger a remote code execution vulnerability in WebClientPrint Processor WCPP. These updates may be distributed through specially crafted websites and are processed without any user interaction as soon as the website is accessed. However, the...
startxchange.com IFRAME Injection vulnerability
Vulnerable URL: http://startxchange.com/frame.php?url=https://www.openbugbounty.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 14.11.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 210170 VIP website status:| No Chec...
Mozilla: Same-origin policy bypass with iframes through page reloads (MFSA 2017-19)
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
Mozilla: Spoofing following page navigation with data: protocol and modal alerts (MFSA 2017-19)
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox ...
CVE-2017-7788
When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy CSP as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox 55...
CVE-2017-7791
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox ...