5125 matches found
HackerOne: HTTP Parameter Pollution using semicolons in iframe element at hackerone.com/careers allows loading external Greenhouse forms
Summary: I noticed that HackerOne career pages load its application forms from Greenhouse.io via an iframe. The ghjid parameter value is taken into the iframe element for the token parameter in the iframe URL boards.greenhouse.io. Any HTML characters are escaped in order to avoid XSS and possib...
our.news IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-453421

Description | Value
---|---
Affected Website: | our.news
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat Sheet...

gee.gov.pt IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-448869

Description | Value
---|---
Affected Website: | gee.gov.pt
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | Iframe Injection / CWE-79
CVSSv3 Score: | 6.1...

topsea.co.il IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-439881

Description | Value
---|---
Affected Website: | topsea.co.il
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat Shee...

multiplay.co.il IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-439875

Description | Value
---|---
Affected Website: | multiplay.co.il
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat...

oddcast.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-439847

Description | Value
---|---
Affected Website: | oddcast.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat Sheet...

consentido.com.mx IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-432100

Description | Value
---|---
Affected Website: | consentido.com.mx
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat...

inprf-cd.gob.mx IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-432094

Description | Value
---|---
Affected Website: | inprf-cd.gob.mx
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat...

archivo.unionpuebla.mx IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-432093

Description | Value
---|---
Affected Website: | archivo.unionpuebla.mx
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention...

archivo.unionjalisco.mx IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-432091

Description | Value
---|---
Affected Website: | archivo.unionjalisco.mx
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention...

webist.in IFRAME Injection vulnerability
Vulnerable URL: http://www.webist.in/livedemo.php?url=http://openbugbounty.org

Details:

Description | Value
---|---
Patched: | Yes, at
Vulnerability type: | IFRAME Injection
Vulnerability status: | Publicly disclosed
Alexa Rank | 3007438
VIP website status: | No

Coordinated Disclosure Timeline:...

agenziaastolfiscuola.it IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-429679

Description | Value
---|---
Affected Website: | agenziaastolfiscuola.it
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | Iframe Injection / CWE-79
CVSSv3 Score: | 6.1...

Adobe Acrobat Pro DC iframe Same Origin Policy Bypass Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Mozilla: Cross-origin URL information leak through Resource Timing API (MFSA 2017-25)
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...
visitpa.com XSS vulnerability
Open Bug Bounty ID: OBB-418110

Description | Value
---|---
Affected Website: | visitpa.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat Sheet...

Mozilla Firefox Cross-Origin URL Information Disclosure Vulnerability
Mozilla Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. A cross-origin URL information disclosure vulnerability exists in Mozilla Firefox versions prior to 57.0. The vulnerability arises because the Resource Timing API incorrectly discloses navigati...
m.tongcoupon.kr IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-413709

Description | Value
---|---
Affected Website: | m.tongcoupon.kr
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat...

escandinxavo.tk IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-413486

Description | Value
---|---
Affected Website: | escandinxavo.tk
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | Iframe Injection / CWE-79
CVSSv3 Score: | 6.1...

portal.scan-ict.nl IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-401804

Description | Value
---|---
Affected Website: | portal.scan-ict.nl
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Chea...

bio.agriconnect.nl IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-401778

Description | Value
---|---
Affected Website: | bio.agriconnect.nl
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | Iframe Injection / CWE-79
CVSSv3 Score: | 6.1...