
5125 matches found

Openbugbounty
added 2017/11/09 3:52 a.m., 18 views

agrarischwaterbeheer.nl IFRAME Injection vulnerability

Open Bug Bounty ID: OBB-401762 Description| Value ---|--- Affected Website:| agrarischwaterbeheer.nl Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...

6.6 AI score
Exploits: 0

Hacker One
added 2017/11/02 11:36 a.m., 18 views

Khan Academy: Frameset(Frame) html tag is allowed in html editor.(can lead to clickjacking)

Hello Sir/Mam, I was using the HTML editor in the computer programming section, which allowed me to design a webpage. When I use the iframe tag, object tag and embed tag it shows me the message that these tags are not allowed for security reasons may be cause of clickjacking attack or something but...

6.7 AI score
Exploits: 0

Openbugbounty
added 2017/10/31 4:24 a.m., 13 views

openoffice.us.com IFRAME Injection vulnerability

Open Bug Bounty ID: OBB-379613 Description| Value ---|--- Affected Website:| openoffice.us.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

6.4 AI score
Exploits: 0

OSV
added 2017/10/27 5:29 a.m., 2 views

CVE-2017-5107

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...

5.3 CVSS, 6.7 AI score, 0.01652 EPSS
Exploits: 0, References: 6

Prion
added 2017/10/27 5:29 a.m., 15 views

Input validation

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...

2.6 CVSS, 5.5 AI score, 0.01652 EPSS
Exploits: 0, References: 6, Affected Software: 4

OSV
added 2017/10/27 5:29 a.m., 3 views

UBUNTU-CVE-2017-5107

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...

5.3 CVSS, 6.7 AI score, 0.01652 EPSS
Exploits: 0, References: 3

CVE
added 2017/10/27 5:00 a.m., 110 views

CVE-2017-5107

The CVE-2017-5107 entry describes a timing-based information disclosure in Google Chrome's SVG rendering prior to 60.0.3112.78, enabling a remote attacker to extract pixel values from a cross-origin page loaded in an iframe on Linux/Windows/macOS. The connected sources corroborate Chrome/Chromium...

5.3 CVSS, 5.6 AI score, 0.01652 EPSS
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 2017/10/27 5:00 a.m., 21 views

CVE-2017-5107

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...

5.8 AI score, 0.01652 EPSS
Exploits: 0, References: 6

Openbugbounty
added 2017/10/27 3:53 a.m., 16 views

mln.com.au IFRAME Injection vulnerability

Open Bug Bounty ID: OBB-370895 Description| Value ---|--- Affected Website:| mln.com.au Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...

6.4 AI score
Exploits: 0

Prion
added 2017/10/19 9:29 p.m., 12 views

Design/Logic Flaw

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element...

4.3 CVSS, 7 AI score, 0.01446 EPSS
Exploits: 1, References: 6, Affected Software: 1

OSV
added 2017/10/19 9:29 p.m., 2 views

UBUNTU-CVE-2012-4379

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element...

6.5 CVSS, 6.8 AI score, 0.01446 EPSS
Exploits: 1, References: 3

OSV
added 2017/10/19 9:29 p.m., 2 views

DEBIAN-CVE-2012-4379

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element...

6.5 CVSS, 7 AI score, 0.01446 EPSS
Exploits: 1, References: 1

Cvelist
added 2017/10/19 9:00 p.m., 17 views

CVE-2012-4379

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element...

6.9 AI score, 0.01446 EPSS
Exploits: 1, References: 6

Debian CVE
added 2017/10/19 9:00 p.m., 20 views

CVE-2012-4379

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element...

6.5 CVSS, 6.6 AI score, 0.01446 EPSS
Exploits: 1

Openbugbounty
added 2017/10/17 7:10 a.m., 19 views

adels-archiv.com IFRAME Injection vulnerability

Vulnerable URL: http://www.adels-archiv.com/shop/showcatrows.php?CategoryID=2=5%27%3E%3Ciframe%20src=%22http://openbugbounty.org%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E Details: Description| Value ---|--- Patched:| Yes, at 23.11.2017 Latest check for patch:| 23.11.2017 21:02 GMT...

7.3 AI score
Exploits: 0

Openbugbounty
added 2017/10/17 7:06 a.m., 19 views

sh-printing.com.tw IFRAME Injection vulnerability

Vulnerable URL: http://sh-printing.com.tw/single.php?id=17%27%3E%3Ciframe%20src=%22http://openbugbounty.org%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 20:53 GMT Vulnerability type:|...

7.3 AI score
Exploits: 0

Openbugbounty
added 2017/10/17 7:04 a.m., 14 views

u-hope.net IFRAME Injection vulnerability

Vulnerable URL: http://www.u-hope.net/productsindex.php?id=-14%27%3E%3Ciframe%20src=%22http://openbugbounty.org%22%20width=%22450%22%20height=%22200%22%3E%3C/iframe%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly...

7.3 AI score
Exploits: 0

Openbugbounty
added 2017/10/16 6:30 p.m., 16 views

apepet.hk IFRAME Injection vulnerability

Vulnerable URL: http://www.apepet.hk/url.php?lang=en=https://www.openbugbounty.org\n Details: Description| Value ---|--- Patched:| No Latest check for patch:| 15.01.2018 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 1214558 VIP website status:| No...

7.3 AI score
Exploits: 0

Openbugbounty
added 2017/10/11 1:32 p.m., 21 views

ecssr.ac.ae IFRAME Injection vulnerability

Vulnerable URL: http://www.ecssr.ac.ae/CDA/Others/openExtLink/?link=http://www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 09.01.2018 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 1660307 VIP website...

7.3 AI score
Exploits: 0

CNVD
added 2017/10/10 12:00 a.m., 2 views

Baidu UEditor Cross-Site Scripting Vulnerability

Baidu UEditor is an open source HTML editor from the Chinese company Baidu. A cross-site scripting vulnerability exists in Baidu UEditor version 1.4.3.3. A remote attacker can leverage the SRC attribute of the IFRAME element to inject arbitrary web script or HTML...

6.1 CVSS, 6 AI score, 0.00635 EPSS
Exploits: 0, References: 1