5125 matches found
patos.pb.gov.br IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-621302 Description| Value ---|--- Affected Website:| patos.pb.gov.br Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
mesowest.utah.edu IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-621099 Description| Value ---|--- Affected Website:| mesowest.utah.edu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
findu.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-621097 Description| Value ---|--- Affected Website:| findu.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
wnps.org IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-618808 Description| Value ---|--- Affected Website:| wnps.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
CVE-2018-11101
Open Whisper Signal aka Signal-Desktop through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML code directly as a...
CVE-2018-11101
CVE-2018-11101 affects Signal Desktop (Open Whisper Signal) up to version 1.10.1. The vulnerability arises from incorrect handling of HTML when rendering quoted-reply messages, allowing XSS via HTML injected in a message that is later quoted/replied to. The root cause involved React dangerouslySe...
CVE-2018-0326
Cisco TelePresence Server Software web UI is affected by CVE-2018-0326 due to insufficient protections for HTML iframe embeds, enabling an unauthenticated attacker to perform a cross-frame scripting attack via a user-navigated, attacker-controlled page containing a malicious iframe. The resul...
Signal Desktop HTML Tag Injection Variant 2
Title: Signal-desktop HTML tag injection variant 2 Date Published: 2018-05-16 Last Update: 2018-05-16 CVE Name: CVE-2018-11101 Class: Code injection Remotely Exploitable: Yes Locally Exploitable: No Vendors contacted: Signal.org Vulnerability Description: Signal-desktop is the standalone desktop...
policelink.monster.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-616311 Description| Value ---|--- Affected Website:| policelink.monster.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| hidden...
A Deep Dive Into RIG Exploit Kit Delivering Grobios Trojan
As discussed in previous blogs, exploit kit activity has been on the decline since the latter half of 2016. However, we do still periodically observe significant developments in this space, and we have been observing interesting ongoing activity involving RIG Exploit Kit (EK). Although the volume o...
CVE-2018-5304
An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web application in an iframe, and clicking on the iframe will redirect to a third-party application or...
pressloft.se XSS vulnerability
Open Bug Bounty ID: OBB-611669 Description| Value ---|--- Affected Website:| pressloft.se Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Flaw in LinkedIn AutoFill Plugin Lets Third-Party Sites Steal Your Data
Not just Facebook: a new vulnerability discovered in LinkedIn's popular AutoFill functionality was found leaking its users' sensitive information to third-party websites without the user even knowing about it. LinkedIn has long provided an AutoFill plugin that other websites can use to let...
spc.pt IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-604087 Description| Value ---|--- Affected Website:| spc.pt Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
klett.de XSS vulnerability
Open Bug Bounty ID: OBB-603221 Description| Value ---|--- Affected Website:| klett.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
idpe.ir IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-602123 Description| Value ---|--- Affected Website:| idpe.ir Open Bug Bounty Program:| Not created yet Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden until disclosure Disclosure Standard:|...
videos.abt.com XSS vulnerability
Open Bug Bounty ID: OBB-602055 Description| Value ---|--- Affected Website:| videos.abt.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
hec-taiwan.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-594741 Description| Value ---|--- Affected Website:| hec-taiwan.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...