5125 matches found
Spoofing
When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy CSP as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox 55...
Information disclosure
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
Design/Logic Flaw
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox ...
CVE-2017-7815
On pages containing an iframe, the "data:" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations with e10 multiproce...
CVE-2017-7791
CVE-2017-7791: A data: protocol-based modal alert spoofing vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox
CVE-2017-7788
CVE-2017-7788 affects Firefox
CVE-2017-7788
When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy CSP as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox 55...
CVE-2017-7791
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox ...
CVE-2017-5391
Special "about:" pages used by web content, such as RSS feeds, can load privileged "about:" pages in an iframe. If a content-injection bug were found in one of those pages this could allow for potential privilege escalation. This vulnerability affects Firefox 51...
CVE-2017-7791
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox ...
CVE-2017-7787
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...
CVE-2017-7788
When an "iframe" has a "sandbox" attribute and its content is specified using "srcdoc", that content does not inherit the containing page's Content Security Policy CSP as it should unless the sandbox attribute included "allow-same-origin". This vulnerability affects Firefox 55...
accessify.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-630097 Description| Value ---|--- Affected Website:| accessify.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
pingoat.net IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-630061 Description| Value ---|--- Affected Website:| pingoat.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
kavarny.cz IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-628950 Description| Value ---|--- Affected Website:| kavarny.cz Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
IBM InfoSphere Information Server Cross-Frame Scripting Vulnerability
IBM InfoSphere Information Server is a data integration platform that includes a range of products that enable you to understand, cleanse, monitor, transform, and transfer data, as well as collaborate to bridge the gap between business and IT. A cross-framework scripting vulnerability exists in I...
osborneclarke.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-626289 Description| Value ---|--- Affected Website:| osborneclarke.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
CVE-2018-11680
An issue was discovered in CmsEasy 6.120180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate...
CVE-2018-11680
An issue was discovered in CmsEasy 6.120180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate...
Cross site request forgery (csrf)
An issue was discovered in CmsEasy 6.120180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is refreshed at a rapid rate...