5124 matches found
CVE-2016-5149
The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a...
network.wwe.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-180880 Description| Value ---|--- Affected Website:| network.wwe.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
espn.com IFRAME Injection vulnerability
Vulnerable URL: http://www.espn.com/video/search?brand=null=%22%3E%3Ciframe%20src=%22http://www.openbugbounty.org%22%3E%3C/iframe%3E%22 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly...
mediacom.com IFRAME Injection vulnerability
Vulnerable URL: http://www.mediacom.com/philippines/redirect?url=https://www.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 28.09.2016 Latest check for patch:| 28.09.2016 15:50 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank|...
Shopify: Open redirect allows changing iframe content in *.myshopify.com/admin/themes/<id>/editor
Hi , I managed to bypass the fix you deployed to the issue I reported in 159522. Apparently this is what the fix does: - Redirecting to https://checkout.shopify.com/ / only is allowed. - For example: victim.myshopify.com/account/logout?returnurl=https://checkout.shopify.com// will work - but...
CVE-2016-5160
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which...
KLA10865 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions or inject arbitrary code. Below is a complete list of vulnerabilities 1. An improper values validation at Skia can be exploited remotely via a...
Mozilla Firefox ESR < 45.3 Multiple Vulnerabilities
ua.trovit.com IFRAME Injection vulnerability
Vulnerable URL: http://ua.trovit.com/rabota/index.php/cod.frame/url.http%253A%252F%252Fwww.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 22.07.2017 Latest check for patch:| 22.07.2017 05:19 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclos...
ru.trovit.com IFRAME Injection vulnerability
Vulnerable URL: http://ru.trovit.com/rabota/index.php/cod.frame/url.http%253A%252F%252Fwww.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 22.07.2017 Latest check for patch:| 22.07.2017 05:18 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclos...
de.trovit.com IFRAME Injection vulnerability
Vulnerable URL: http://de.trovit.com/jobs/index.php/cod.frame/url.http%253A%252F%252Fwww.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 21.07.2017 Latest check for patch:| 21.07.2017 13:31 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed...
springmeadownursery.com IFRAME Injection vulnerability
Vulnerable URL: http://springmeadownursery.com/search.php?q=%3Ciframe+src%3D%22http%3A%2F%2Fwww.openbugbounty.org%22%3E%3C%2Fiframe%3E Details: Description| Value ---|--- Patched:| Yes, at 24.11.2017 Latest check for patch:| 24.11.2017 12:35 GMT Vulnerability type:| IFRAME Injection Vulnerability...
library.msu.ac.th IFRAME Injection vulnerability
Vulnerable URL: http://library.msu.ac.th/webu/dublin.linkout.php?url=https://www.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 10:56 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa...
ostwuerttemberg.de IFRAME Injection vulnerability
Vulnerable URL: http://www.ostwuerttemberg.de/de/fde.asp?page=https://www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 16280167 VIP website status:...
118go.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-174081 Description| Value ---|--- Affected Website:| 118go.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
colorado.edu IFRAME Injection vulnerability
Vulnerable URL: http://www.colorado.edu/eventscalendar/cgi-bin/frame.cgi?parent=viewURL=https://www.openbugbounty.org" name="bottom" frameborder="no" marginwidth="0" marginheight="0" Details: Description| Value ---|--- Patched:| Yes, at 27.08.2016 Latest check for patch:| 27.08.2016 08:17 GMT...
yellowpages.com.vn IFRAME Injection vulnerability
Vulnerable URL: http://www.yellowpages.com.vn/homepages.php?url=www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 1752205 VIP website status:| No...
Microsoft Internet Explorer Local Filename Information Disclosure Vulnerability
Internet Explorer is a web browser from Microsoft. Microsoft Internet Explorer has different feedback in the file:// URL for existing and non-existing files, and if used in conjunction with an HTML5 sandbox iframe, a local attacker could exploit this vulnerability to obtain local file existence...
CVE-2016-3321
Microsoft Internet Explorer 10 and 11 load different files for attempts to open a file:// URL depending on whether the file exists, which allows local users to enumerate files via vectors involving a file:// URL and an HTML5 sandbox iframe, aka "Internet Explorer Information Disclosure...