forums.imore.com IFRAME Injection vulnerability
Vulnerable URL: http://forums.imore.com/ask/?do=ask=%22%3E%3Ch1%3Ea%3C/h1%3E%3Ciframe%20srcdoc=%22%3Cp%3EHello%20world!%3C/p%3E%22%20src=%22https://www.openbugbounty.org%22%3E%3C/iframe%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:|...
forums.androidcentral.com IFRAME Injection vulnerability
Vulnerable URL: http://forums.androidcentral.com/ask/?do=ask=%22%3E%3Ciframe%20srcdoc=%22%3Cp%3EHello%20world!%3C/p%3E%22%20src=%22https://www.openbugbounty.org%22%3E%3C/iframe%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| IFRAME...
forums.windowscentral.com IFRAME Injection vulnerability
Vulnerable URL: http://forums.windowscentral.com/ask/?do=ask=%22%3E%3Ch1%3Ea%3C/h1%3E%3Ciframe%20srcdoc=%22%3Cp%3EHello%20world!%3C/p%3E%22%20src=%22https://www.openbugbounty.org%22%3E%3C/iframe%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability...
unmig.sviluppoeconomico.gov.it IFRAME Injection vulnerability
Vulnerable URL: http://unmig.sviluppoeconomico.gov.it/dgsaie/ambiti/rqnome.asp?stringa=%3Ciframe%20src=https://www.openbugbounty.org%20%3C Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / No...
embcms.mercedes-benz.fr IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-150189 Description| Value ---|--- Affected Website:| embcms.mercedes-benz.fr Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention...
culturecommunication.gouv.fr IFRAME Injection vulnerability
Vulnerable URL: http://www.culturecommunication.gouv.fr/Ressources?q=%22%3E%3Ch1%3EXssed%3C/h1%3E%3Ciframe%20src=https://www.openbugbounty.org/report/%20%3C Details: Description| Value ---|--- Patched:| Yes, at 10.05.2016 Latest check for patch:| 10.05.2016 15:07 GMT Vulnerability type:| IFRAME...
CVE-2016-2820
The Firefox Health Reports aka FHR or about:healthreport feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element...
UBUNTU-CVE-2016-2820
The Firefox Health Reports aka FHR or about:healthreport feature in Mozilla Firefox before 46.0 does not properly restrict the origin of events, which makes it easier for remote attackers to modify sharing preferences by leveraging access to the remote-report IFRAME element...
mbwin.net IFRAME Injection vulnerability
Vulnerable URL: http://www.mbwin.net/index.php?url=http://www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 16489204 VIP website status:| No Check...
24livenewspaper.com IFRAME Injection vulnerability
Vulnerable URL: http://www.24livenewspaper.com/sites/?url=http://www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 17885 VIP website status:| Yes...
migrosbank.ch IFRAME Injection vulnerability
Vulnerable URL: https://www.migrosbank.ch/de/privatpersonen/anlegen/marktuebersicht.html?idms-page=.openbugbounty.org/=en Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank...
universinet.it IFRAME Injection vulnerability
Vulnerable URL: http://www.universinet.it/components/comfeedpostold/feedpost.php?url=https://www.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 23.11.2017 Latest check for patch:| 23.11.2017 23:16 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly...
PHPmongoDB 1.0.0 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: PHPmongoDB v1.0.0 - Multiple Vulnerabilities CSRF | HTML or Iframe Injection | XSS Reflected & Stored Date: 14.04.2016 Exploit Author: Ozer Goker Vendor Homepage: http://www.phpmongodb.org Software Link: https://github.com/phpmongodb/phpmongodb Version: 1.0.0 Introduction A Tool...
PHPmongoDB 1.0.0 - Multiple Vulnerabilities
Exploit Title: PHPmongoDB v1.0.0 - Multiple Vulnerabilities CSRF | HTML or Iframe Injection | XSS Reflected & Stored Date: 14.04.2016 Exploit Author: Ozer Goker Vendor Homepage: http://www.phpmongodb.org Software Link: https://github.com/phpmongodb/phpmongodb Version: 1.0.0 Introduction A Tool...
Uber: developer.uber.com/404 and developer.uber.com/docs/404 are susceptible to iframes
Issue You can iframe the error pages for https://developer.uber.com/404 and https://developer.uber.com/docs/404 Proof of concept An example can be found here http://codepen.io/JacobReynolds/pen/VaMbde?editors=1010 Impact There is not a large security impact from a cursory glance at the 404 pages...
Ubuntu 14.04 LTS : Firefox regressions (USN-2917-2)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2917-2 advisory. USN-2917-1 fixed vulnerabilities in Firefox. This update caused several regressions that could result in search engine settings being lost, the list of search...
bid.ub.edu IFRAME Injection vulnerability
Vulnerable URL: http://bid.ub.edu/consultaarticulos.php?url=http://www.xssposed.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google...
edumedia-share.com IFRAME Injection vulnerability
Vulnerable URL: http://www.edumedia-share.com/search.php?q=%3Ciframe%20src=%22https://xssposed.org%22%3E Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 08:10 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed...
jhu.edu IFRAME Injection vulnerability
Vulnerable URL: https://www.jhu.edu/search/?c=gsa=%3Ciframe%20src=https://xssposed.org%3E Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 08:09 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 4365...
Firefox browser vulnerability that allows an attacker to obtain confidential information or circumvent existing access restriction policies
The vulnerability in the Firefox browser stems from insufficient restrictions on the use of the IFrame mechanism. Exploiting this vulnerability allows a malicious actor to circumvent existing access restrictions or obtain confidential information by using specially crafted JavaScript code that...