5116 matches found
CVE-2016-1967
Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls aft...
CVE-2016-1955
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element...
DEBIAN-CVE-2016-1955
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element...
clrn.org IFRAME Injection vulnerability
Vulnerable URL: http://www.clrn.org/search/search.cfm?resourceType=%3C/title%3E%27%22%3E%3Ciframe%20src=https://xssposed.org%3E%3C/iframe%3Eelr=%20bstract==1
Details:
Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| IFRAME Injection
Vulnerability status:| Publicly disclosed
Alexa...
A vulnerability in the Cisco Identity Services Engine, a platform for managing network policies, allows a hacker to deploy malicious elements on a page and force the user to activate them.
The vulnerability in the Cisco Identity Services Engine web interface is related to the lack of restrictions on the use of IFRAME elements. Exploiting this vulnerability allows a malicious actor to deploy malicious elements on the page and force users to activate them through a speciall...
members.virtualtourist.com IFRAME Injection vulnerability
Vulnerable URL: https://members.virtualtourist.com/m/nl/?targetUrl=%22%3E%3Ciframe%20src=%22http://www.xssposed.org%22%20height=%22100%22%20width=%22100%22?%3C/iframe%3E
Details:
Description| Value
---|---
Patched:| Yes, at 26.07.2017
Latest check for patch:| 26.07.2017 21:34 GMT
Vulnerability...
Ubuntu: Security Advisory (USN-2917-1)
The remote host is missing an update for the...
bookstore.franciscan.edu IFRAME Injection vulnerability
Vulnerable URL: http://bookstore.franciscan.edu/ePOS/form="robots/item.htmlnumber=W43134=421=421
Details:
Description| Value
---|---
Patched:| Yes, at 26.07.2017
Latest check for patch:| 26.07.2017 17:58 GMT
Vulnerability type:| IFRAME Injection
Vulnerability status:| Publicly disclosed
Alexa Ran...
CSP reports fail to strip location information for embedded iframe pages — Mozilla
Security researcher Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd. reported that Content Security Policy (CSP) violation reports contained full path information for cross-origin iframe navigations in violation of the CSP specification. This could result in information disclosure...
UBUNTU-CVE-2016-1967
Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls aft...
UBUNTU-CVE-2016-1955
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element...
Edge users, take note: vulnerabilities in WinRT PDF may be exploited by hackers (vulnerability warning, "the black bar safety net")
Users of the Edge browser should note that the browser was recently found to carry a certain security risk that hackers may exploit to jeopardize computer security. Mark Vincent Yason, a security expert on the IBM X-Force Advanced Research team, said that in Win10, WinRT PDF has...
mexicoescultura.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-138678
Description| Value
---|---
Affected Website:| mexicoescultura.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...
globalplanesearch.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-138207
Description| Value
---|---
Affected Website:| globalplanesearch.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N]
Remediation Guide:| OWASP XSS Prevention...