mbwin.net IFRAME Injection vulnerability

Vulnerable URL: http://www.mbwin.net/index.php?url=http://www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 16489204 VIP website status:| No Check...

24livenewspaper.com IFRAME Injection vulnerability

Vulnerable URL: http://www.24livenewspaper.com/sites/?url=http://www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 17885 VIP website status:| Yes...

migrosbank.ch IFRAME Injection vulnerability

Vulnerable URL: https://www.migrosbank.ch/de/privatpersonen/anlegen/marktuebersicht.html?idms-page=.openbugbounty.org/=en Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank...

universinet.it IFRAME Injection vulnerability

Vulnerable URL: http://www.universinet.it/components/comfeedpostold/feedpost.php?url=https://www.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 23.11.2017 Latest check for patch:| 23.11.2017 23:16 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly...

PHPmongoDB 1.0.0 Cross Site Request Forgery / Cross Site Scripting

Exploit Title: PHPmongoDB v1.0.0 - Multiple Vulnerabilities CSRF | HTMLor Iframe Injection | XSS Reflected & Stored Date: 14.04.2016 Exploit Author: Ozer Goker Vendor Homepage: http://www.phpmongodb.org Software Link: https://github.com/phpmongodb/phpmongodb Version: 1.0.0 Introduction A Tool...

PHPmongoDB 1.0.0 - Multiple Vulnerabilities

Exploit Title: PHPmongoDB v1.0.0 - Multiple Vulnerabilities CSRF | HTMLor Iframe Injection | XSS Reflected & Stored Date: 14.04.2016 Exploit Author: Ozer Goker Vendor Homepage: http://www.phpmongodb.org Software Link: https://github.com/phpmongodb/phpmongodb Version: 1.0.0 Introduction A Tool...

Uber: developer.uber.com/404 and developer.uber.com/docs/404 are susceptible to iframes

Issue You can iframe the error pages for https://developer.uber.com/404 and https://developer.uber.com/docs/404 Proof of concept An example can be found here http://codepen.io/JacobReynolds/pen/VaMbde?editors=1010 Impact There is not a large security impact from a cursory glance at the 404 pages...

Ubuntu 14.04 LTS : Firefox regressions (USN-2917-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2917-2 advisory. USN-2917-1 fixed vulnerabilities in Firefox. This update caused several regressions that could result in search engine settings being lost, the list of search...

bid.ub.edu IFRAME Injection vulnerability

Vulnerable URL: http://bid.ub.edu/consultaarticulos.php?url=http://www.xssposed.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google...

edumedia-share.com IFRAME Injection vulnerability

Vulnerable URL: http://www.edumedia-share.com/search.php?q=%3Ciframe%20src=%22https://xssposed.org%22%3E Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 08:10 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed...

jhu.edu IFRAME Injection vulnerability

Vulnerable URL: https://www.jhu.edu/search/?c=gsa=%3Ciframe%20src=https://xssposed.org%3E Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 08:09 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 4365...

The vulnerability of the Firefox browser allows a perpetrator to obtain confidential information or circumvent existing access restrictions policies.

The vulnerability of Firefox browsers relates to the insufficient restrictions on the use of the IFrame mechanism. Exploiting this vulnerability allows a malicious actor to circumvent existing access restrictions or obtain confidential information by using specially crafted JavaScript code that...

bio-rad.com IFRAME Injection vulnerability

Open Bug Bounty ID: OBB-144069 Description| Value ---|--- Affected Website:| bio-rad.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...

sermonaudio.com IFRAME Injection vulnerability

Vulnerable URL: http://www.sermonaudio.com/search.asp?speakerWithinSource=%22%3E%3Ciframe%20src=%22https://xssposed.org%22%3E======%27%3Balert%28String.fromCharCode%2888%2C83%2C83%2C80%2C79%2C83%2C69%2C68+%29%29%2F%2F%27%3B=B==false==0=0 Details: Description| Value ---|--- Patched:| Yes, at...

garciniacambogiaoffer.com IFRAME Injection vulnerability

Vulnerable URL: http://www.garciniacambogiaoffer.com/?affid=321584id=%27%22%3E%3Ciframe%20src=%22https://xssposed.org%22%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa...

opensecrets.org IFRAME Injection vulnerability

Vulnerable URL: https://www.opensecrets.org/indivs/search.php?name=dinor=%22%3E%3Ciframe%20src=%22https://xssposed.org%22%3E2016 Details: Description| Value ---|--- Patched:| Yes, at 26.05.2017 Latest check for patch:| 26.05.2017 05:40 GMT Vulnerability type:| IFRAME Injection Vulnerability...

Android Stock Browser Iframe DOS

This module exploits a vulnerability in the native browser that comes with Android 4.0.3. If successful, the browser will crash after viewing the webpage. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

Wiping Out a Malicious Campaign Abusing Chinese Ad Platform

At FireEye Labs, we have discovered another well-crafted malvertising campaign that uses the ad API of one of the world’s largest search engines: China-based Baidu. The attacker employs a simple HTML redirector instead of shellcode or an exploit in an apparently benign-looking website. This leads...

old.kpfu.ru IFRAME Injection vulnerability

Vulnerable URL: http://old.kpfu.ru/eng/eljourn/izvuz/index.php?id=11=1=%3Ciframe%20src=https://xssposed.org%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown /...

museum-t-34.ru IFRAME Injection vulnerability

Vulnerable URL: http://www.museum-t-34.ru/en/search.php?q=%3Ciframe%20src=https://xssposed.org%3E=0=0 Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 21:56 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alex...