5125 matches found
CVE-2017-2658
It was discovered that the Dashbuilder login page as used in Red Hat JBoss BPM Suite before 6.4.2 and Red Hat JBoss Data Virtualization & Services before 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a use...
PT-2018-7163 · Red Hat · Red Hat Jboss Data Virtualization & Services +1
Name of the Vulnerable Software and Affected Versions:
Red Hat JBoss BPM Suite versions prior to 6.4.2
Red Hat JBoss Data Virtualization & Services versions prior to 6.4.3
Description: A security issue was found in the Dashbuilder login page, which could be opened in an IFRAME. This allowed for t...
Augur: Augur UI data can be completely replaced by an attacker which can lead to fund and reputation loss
Summary: A third party attacking site can fake UI data - markets, categories and other
Description: A third party site can include a hidden iframe which can override "augur-node" configuration variable of a running augur application. This variable is persisted in localStorage. In the case of...
Dashbuilder: Lack of clickjacking protection on the login page
It was discovered that the Dashbuilder login page could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this flaw to trick a user into performing arbitrary actions in the Console (clickjacking)...
posizionamento-seo.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-652387
Description| Value
---|---
Affected Website:| posizionamento-seo.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...
liztid.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-651639
Description| Value
---|---
Affected Website:| liztid.com
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...
CVE-2018-3771
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser...
PT-2018-16189 · Unknown · Statics-Server
Name of the Vulnerable Software and Affected Versions:
statics-server versions 0.0.0 through 0.0.9
Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability. It occurs when statics-server displays a directory index in the browser and an attacker injects an iframe in the...
aomss.org.sg IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-649484
Description| Value
---|---
Affected Website:| aomss.org.sg
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...
rj.gov.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-647977
Description| Value
---|---
Affected Website:| rj.gov.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...
sp.senac.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-647968
Description| Value
---|---
Affected Website:| sp.senac.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...
salutis.com.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-647955
Description| Value
---|---
Affected Website:| salutis.com.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...
bravox.com.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-647954
Description| Value
---|---
Affected Website:| bravox.com.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...
mercurio.detran.pa.gov.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-645729
Description| Value
---|---
Affected Website:| mercurio.detran.pa.gov.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...
www2.detran.pa.gov.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-645728
Description| Value
---|---
Affected Website:| www2.detran.pa.gov.br
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...
Neatly bypassing CSP
How to trick CSP in letting you run whatever you want. By bo0om, Wallarm research. Content Security Policy or CSP is a built-in browser technology which helps protect from attacks such as cross-site scripting (XSS). It lists and describes paths and sources, from which the browser can safely load...
kager.net IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-643635
Description| Value
---|---
Affected Website:| kager.net
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| Iframe Injection / CWE-79
CVSSv3 Score:| 6.1...
Cross-site Scripting (XSS)
buttle is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize filenames, allowing a malicious user to inject and execute arbitrary JavaScript using an iframe tag as a filename...
CoinHive URL Shortener Abused to Secretly Mine Cryptocurrency Using Hacked Sites
Security researchers have been warning about a new malicious campaign that leverages an alternative scheme to mine cryptocurrencies without directly injecting the infamous CoinHive JavaScript into thousands of hacked websites. Coinhive is a popular browser-based service that offers website owners...