5125 matches found
agrarischwaterbeheer.nl IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-401762

Description | Value
---|---
Affected Website: | agrarischwaterbeheer.nl
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | Iframe Injection / CWE-79
CVSSv3 Score: | 6.1...

Khan Academy: Frameset (Frame) html tag is allowed in html editor. (can lead to clickjacking)
Hello Sir/Ma'am, I was using the HTML editor in the computer programming section, which allowed me to design a webpage. When I use the iframe tag, object tag and embed tag, it shows me the message that these tags are not allowed for security reasons, maybe because of clickjacking attack or something, but...
openoffice.us.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-379613

Description | Value
---|---
Affected Website: | openoffice.us.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat...

CVE-2017-5107
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...
Input validation
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...
UBUNTU-CVE-2017-5107
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...
CVE-2017-5107
The CVE-2017-5107 entry describes a timing-based information disclosure in Google Chrome's SVG rendering prior to 60.0.3112.78, enabling a remote attacker to extract pixel values from a cross-origin page loaded in an iframe on Linux/Windows/macOS. The connected sources corroborate Chrome/Chromium...
mln.com.au IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-370895

Description | Value
---|---
Affected Website: | mln.com.au
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat Sheet...

Design/Logic Flaw
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element...
UBUNTU-CVE-2012-4379
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element...
DEBIAN-CVE-2012-4379
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element...
CVE-2012-4379
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element...
adels-archiv.com IFRAME Injection vulnerability
Vulnerable URL: http://www.adels-archiv.com/shop/showcatrows.php?CategoryID=2=5%27%3E%3Ciframe%20src=%22http://openbugbounty.org%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E

Details:

Description | Value
---|---
Patched: | Yes, at 23.11.2017
Latest check for patch: | 23.11.2017 21:02 GMT...

sh-printing.com.tw IFRAME Injection vulnerability
Vulnerable URL: http://sh-printing.com.tw/single.php?id=17%27%3E%3Ciframe%20src=%22http://openbugbounty.org%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E

Details:

Description | Value
---|---
Patched: | Yes, at 25.11.2017
Latest check for patch: | 25.11.2017 20:53 GMT
Vulnerability type: | ...

u-hope.net IFRAME Injection vulnerability
Vulnerable URL: http://www.u-hope.net/productsindex.php?id=-14%27%3E%3Ciframe%20src=%22http://openbugbounty.org%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E

Details:

Description | Value
---|---
Patched: | Yes, at
Vulnerability type: | IFRAME Injection
Vulnerability status: | Publicly...

apepet.hk IFRAME Injection vulnerability
Vulnerable URL: http://www.apepet.hk/url.php?lang=en=https://www.openbugbounty.org\n

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 15.01.2018
Vulnerability type: | IFRAME Injection
Vulnerability status: | Publicly disclosed
Alexa Rank | 1214558
VIP website status: | No...

ecssr.ac.ae IFRAME Injection vulnerability
Vulnerable URL: http://www.ecssr.ac.ae/CDA/Others/openExtLink/?link=http://www.openbugbounty.org

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 09.01.2018
Vulnerability type: | IFRAME Injection
Vulnerability status: | Publicly disclosed
Alexa Rank | 1660307
VIP website...

Baidu UEditor Cross-Site Scripting Vulnerability
Baidu UEditor is an open source HTML editor from the Chinese company Baidu. A cross-site scripting vulnerability exists in Baidu UEditor version 1.4.3.3. A remote attacker can leverage the SRC attribute of the IFRAME element to inject arbitrary web script or HTML...