5116 matches found
iehp.org IFRAME Injection vulnerability
Vulnerable URL: http://www.iehp.org/go.asp?url=www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 301686 VIP website status:| No Check iehp.org SSL...
chromium-browser: extensions web accessible resources bypass
The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...
chromium-browser: extensions web accessible resources bypass
The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...
chromium-browser: script injection in extensions
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a...
CVE-2016-5162
The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...
CVE-2016-5160
The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...
CVE-2016-5149
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a...
UBUNTU-CVE-2016-5149
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a...
CVE-2016-5160
The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...
UBUNTU-CVE-2016-5160
The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...
UBUNTU-CVE-2016-5162
The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...
CVE-2016-5149
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a...
CVE-2016-5160
Removed by vendor...
network.wwe.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-180880 Description| Value ---|--- Affected Website:| network.wwe.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
espn.com IFRAME Injection vulnerability
Vulnerable URL: http://www.espn.com/video/search?brand=null=%22%3E%3Ciframe%20src=%22http://www.openbugbounty.org%22%3E%3C/iframe%3E%22 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly...
mediacom.com IFRAME Injection vulnerability
Vulnerable URL: http://www.mediacom.com/philippines/redirect?url=https://www.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 28.09.2016 Latest check for patch:| 28.09.2016 15:50 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank|...
Shopify: Open redirect allows changing iframe content in *.myshopify.com/admin/themes/<id>/editor
Hi , I managed to bypass the fix you deployed to the issue I reported in 159522. Apparently this is what the fix does: - Redirecting to https://checkout.shopify.com/ / only is allowed. - For example: victim.myshopify.com/account/logout?returnurl=https://checkout.shopify.com// will work - but...
CVE-2016-5160
The AllowCrossRendererResourceLoad function in extensions/browser/urlrequestutil.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json webaccessibleresources field for restrictions on IFRAME elements, which...
CVE-2016-5149
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a...
KLA10865 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions or inject arbitrary code. Below is a complete list of vulnerabilities 1. An improper values validation at Skia can be exploited remotely via a...