5125 matches found
CVE-2017-11195
Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can...
Cross site scripting
Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can...
bullguard.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-262325. Affected Website: bullguard.com; Vulnerable Application: Custom Code; Vulnerability Type: Iframe Injection / CWE-79; CVSSv3 Score: 6.1...
molex.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-260610. Affected Website: molex.com; Vulnerable Application: Custom Code; Vulnerability Type: Iframe Injection / CWE-79; CVSSv3 Score: 6.1...
thepiratebay.org IFRAME Injection vulnerability
Vulnerable URL: https://thepiratebay.org/ads/middle/index.php?r=24=bar=Countrywise.S07E04.XviD-AFG=michal:"' XANY Details: Patched: Yes, at 26.10.2017; Latest check for patch: 26.10.2017 10:42 GMT; Vulnerability type: IFRAME Injection; Vulnerability status: Publicly...
onlinewebfonts.com IFRAME Injection vulnerability
Vulnerable URL: https://www.onlinewebfonts.com/search?q=" XANY Details: Patched: No; Latest check for patch: 29.07.2017; Vulnerability type: IFRAME Injection; Vulnerability status: Publicly disclosed; Alexa Rank: 87551; VIP website status: Yes; Check onlinewebfonts.com S...
download.pmi.it IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-254985. Affected Website: download.pmi.it; Vulnerable Application: Custom Code; Vulnerability Type: Iframe Injection / CWE-79; CVSSv3 Score: 6.1...
inia.gob.es IFRAME Injection vulnerability
Vulnerable URL: http://www.inia.gob.es/IniaPortal/goUrlDinamica.action?url=https://www.openbugbounty.org/ Details: Patched: No; Latest check for patch: 10.08.2017; Vulnerability type: IFRAME Injection; Vulnerability status: Publicly disclosed; Alexa Rank: 11557901; VIP...
direitovivo.com.br IFRAME Injection vulnerability
Vulnerable URL: http://www.direitovivo.com.br/asp/redirect.asp?url=https://www.openbugbounty.org Details: Patched: No; Latest check for patch: 21.09.2017; Vulnerability type: IFRAME Injection; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not calculate...
freesexyindians.com IFRAME Injection vulnerability
Vulnerable URL: https://www.freesexyindians.com/?s= XANY Details: Patched: No; Latest check for patch: 30.07.2017; Vulnerability type: IFRAME Injection; Vulnerability status: Publicly disclosed; Alexa Rank: 23403; VIP website status: Yes; Coordinated Disclosure Timeline:...
kissanimes.net IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-250357. Affected Website: kissanimes.net; Vulnerable Application: Custom Code; Vulnerability Type: Iframe Injection / CWE-79; CVSSv3 Score: 6.1...
localmoxie.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-250356. Affected Website: localmoxie.com; Vulnerable Application: Custom Code; Vulnerability Type: Iframe Injection / CWE-79; CVSSv3 Score: 6.1...
usapa.org XSS vulnerability
Vulnerable URL: http://usapa.org/iframe/ptp/index.php?code=1/-///'/"//--...
loveroms.com IFRAME Injection vulnerability
Vulnerable URL: https://www.loveroms.com/roms.php?q=""; XANY Details: Patched: Yes, at; Vulnerability type: IFRAME Injection; Vulnerability status: Publicly disclosed; Alexa Rank: 11670; VIP website status: Yes; Coordinated Disclosure Timeline:...
Cross-site Scripting (XSS)
ckeditor-dev is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript via the src attribute in the iframe element. This can only occur when the Iframe plugin is used and advanced content filter is turned off in a browser...
Cross-site Scripting (XSS)
ckeditor-dev is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript via the srcdoc attribute in the iframe element. This attack can only happen with the Iframe plugin and Advanced Content Filter turned off...
OLX: OLX is vulnerable to clickjacking
An Olx.com webpage was vulnerable to a Clickjacking attack that could have led to account sensitive information disclosure. @spiyushsonikumar1671 was able to demonstrate this vulnerability by crafting a specially formatted webpage with iframe embedded. We would like to thanks for this report...
belediyehaberleri.com IFRAME Injection vulnerability
Vulnerable URL: http://www.belediyehaberleri.com/view.php?url=https://openbugbounty.org/ Details: Patched: Yes, at 29.07.2017; Latest check for patch: 29.07.2017 19:24 GMT; Vulnerability type: IFRAME Injection; Vulnerability status: Publicly disclosed; Alexa Rank: 12067...
dou.ua IFRAME Injection vulnerability
Vulnerable URL: https://dou.ua/users/maxim-yaremchuk/ Details: Patched: Yes, at; Vulnerability type: IFRAME Injection; Vulnerability status: Publicly disclosed; Alexa Rank: 25283; VIP website status: Yes; Check dou.ua SSL connection: Grade: A+; Coordinated Disclosure...
CVE-2017-5045
XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page...