5117 matches found
Cisco Patches Critical Bug In Video Conferencing Server Hardware
On Wednesday Cisco Systems patched a critical vulnerability found in its Cisco Meeting Server hardware, a key component in its enterprise audio, web and video conferencing service. The flaw, according to a Cisco Security Advisory, could allow an unauthenticated remote attacker to masquerade as a...
Cisco Unified Communications Manager iFrame Data Clickjacking Vulnerability
The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. Protection mechanisms should be used to prevent this type of attack. The vulnerability is due to a lack of proper...
Nextcloud: URI scheme bypass in mail app lead to HTML content spoof and opener control
Bug When we load an HTML mail from mailbox via api, etc http://nextcloud/index.php/apps/mail/accounts//folders/SU5CT1g=/messages//html Our content will be passed to HTML Purifier to strip malicious XSS patterns. After that, a filter will apply to transform acceptable URI schemes http, https, ftp,...
jewishmusic.fm IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-185370 Description| Value ---|--- Affected Website:| jewishmusic.fm Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
opydo.pl IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-185323 Description| Value ---|--- Affected Website:| opydo.pl Open Bug Bounty Program:| Not created yet Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation...
bdnews21.com IFRAME Injection vulnerability
Vulnerable URL: http://www.bdnews21.com/browse.php?link=www.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 11.01.2017 Latest check for patch:| 11.01.2017 13:28 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 199773 VIP websi...
eyrolles.com IFRAME Injection vulnerability
Vulnerable URL: http://www.eyrolles.com/Accueil/Recherche/?q=%22%3E%3Ciframe%20src=https://openbugbounty.org%3E Details: Description| Value ---|--- Patched:| Yes, at 24.11.2017 Latest check for patch:| 24.11.2017 18:55 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly...
webring.org IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-183909 Description| Value ---|--- Affected Website:| webring.org Open Bug Bounty Program:| Not created yet Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediatio...
bbt.co.jp IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-183755 Description| Value ---|--- Affected Website:| bbt.co.jp Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...
www1.tek.com IFRAME Injection vulnerability
Vulnerable URL: http://www1.tek.com/cgi-bin/frame.cgi?body=https://www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP...
ny.com IFRAME Injection vulnerability
Vulnerable URL: https://www.ny.com/cgibin/frame.cgi?url=https://www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 321466 VIP website status:| No Che...
Mozilla Firefox Same-Origin Policy Bypass Vulnerability (CNVD-2016-08178)
Mozilla Firefox is an open source web browser. A vulnerability in Mozilla Firefox's handling of fragment identifiers in the SRC attribute of the IFRAME element allows remote attackers to build malicious web pages and trick users into opening them, which can be used to bypass t...
CVE-2016-5283
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized...
Authorization
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized...
UBUNTU-CVE-2016-5283
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized...
jinkosolar.com IFRAME Injection vulnerability
Vulnerable URL: http://www.jinkosolar.com/projectslist.html?lan=-1' Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 11:18 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 359756 VIP website status:...
airnow.gov IFRAME Injection vulnerability
Vulnerable URL: https://airnow.gov/index.cfm?action=airnow.doSearch Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 108715 VIP website status:| No Check airnow.gov SSL connection:| Grade: A Coordinat...