
5125 matches found

Openbugbounty
added 2016/03/08 12:4 p.m., 11 views

bookstore.franciscan.edu IFRAME Injection vulnerability

Vulnerable URL: http://bookstore.franciscan.edu/ePOS/form="robots/item.htmlnumber=W43134=421=421 Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 17:58 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Ran...

AI score: 7.2
Exploits: 0
UbuntuCve
added 2016/03/08 12:0 a.m., 19 views

CVE-2016-1955

Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element...

CVSS: 4.3, AI score: 6.8, EPSS: 0.02035
Exploits: 0, References: 3
UbuntuCve
added 2016/03/08 12:0 a.m., 29 views

CVE-2016-1967

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls aft...

CVSS: 6.5, AI score: 7, EPSS: 0.02248
Exploits: 0, References: 3
Mozilla
added 2016/03/08 12:0 a.m., 36 views

CSP reports fail to strip location information for embedded iframe pages — Mozilla

Security researcher Muneaki Nishimura (nishimunea) of Recruit Technologies Co., Ltd. reported that Content Security Policy (CSP) violation reports contained full path information for cross-origin iframe navigations in violation of the CSP specification. This could result in information disclosure...

CVSS: 4.3, AI score: 6.8, EPSS: 0.02035
Exploits: 0, References: 2, Affected Software: 2
OSV
added 2016/03/08 12:0 a.m., 1 views

UBUNTU-CVE-2016-1955

Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element...

CVSS: 4.3, AI score: 7, EPSS: 0.02035
Exploits: 0, References: 4
OSV
added 2016/03/08 12:0 a.m., 3 views

UBUNTU-CVE-2016-1967

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls aft...

CVSS: 6.5, AI score: 7, EPSS: 0.02248
Exploits: 0, References: 4
myhack58
added 2016/03/04 12:0 a.m., 28 views

Attention Edge users! WinRT PDF has vulnerabilities open to hacking - vulnerability warning - the black bar safety net

Edge browser users should take note: the browser was recently found to carry a certain security risk that hackers may exploit to jeopardize computer security. Mark Vincent Yason, a security expert on the IBM X-Force Advanced research team, said that in WinRT PDF on Win10 there is...

AI score: 2.5
Exploits: 0
Openbugbounty
added 2016/03/01 4:20 p.m., 9 views

mexicoescultura.com IFRAME Injection vulnerability

Open Bug Bounty ID: OBB-138678 Description| Value ---|--- Affected Website:| mexicoescultura.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...

AI score: 6.6
Exploits: 0
Openbugbounty
added 2016/02/27 11:7 p.m., 11 views

globalplanesearch.com IFRAME Injection vulnerability

Open Bug Bounty ID: OBB-138207 Description| Value ---|--- Affected Website:| globalplanesearch.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention...

AI score: 6.4
Exploits: 0
Openbugbounty
added 2016/02/15 1:7 a.m., 14 views

joinolx.com IFRAME Injection vulnerability

Vulnerable URL: http://www.joinolx.com/careers/search Details: Description| Value ---|--- Patched:| Yes, at 15.08.2016 Latest check for patch:| 15.08.2016 14:55 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 38790 Google Pagerank| 0 VIP website...

AI score: 7.3
Exploits: 0
Hacker One
added 2016/02/13 3:22 p.m., 12 views

ownCloud: owncloud.com: Persistent XSS In Account Profile

Quotation marks are not sanitized in one of the HTML tags inside of the profile when dealing with first & last names. It is an tag. In the attached PoC screenshot, I included a functional first name that triggers an alert call. Inside, I pasted the HTML tag where it breaks. I don't know owncloud...

AI score: 1.4
Exploits: 0
Hacker One
added 2016/02/09 4:17 p.m., 19 views

Zomato: Two XSS vulns in widget parameters (all_collections.php and o2.php)

I have found two additional possibilities of XSS attacks via the widget API endpoints: https://www.zomato.com/widgets/allcollections.php and https://www.zomato.com/widgets/o2.php https://www.zomato.com/widgets/allcollections.php has a vulnerable cityid parameter that does not filter html or...

AI score: 0.8
Exploits: 0
Hacker One
added 2016/02/08 3:39 p.m., 15 views

Zomato: XSS via modified Zomato widget (res_search_widget.php)

Table of Contents: 1. Short Description of Security Issue 2. Proof of Concept 1. Short Description of Security Issue The widget API endpoint at https://www.zomato.com/widgets/ressearchwidget.php is vulnerable to XSS in the languageid parameter. An attacker can create a web page that includes a...

Exploits: 0
BDU FSTEC
added 2016/02/08 12:0 a.m., 7 views

The vulnerability of the Cisco Firepower Extensible Operating System allows a hacker to deploy malicious elements on the page and force the user to activate them.

The vulnerability of the Cisco Firepower Extensible Operating System’s web interface is related to the lack of restrictions on the use of IFRAME elements. Exploiting this vulnerability allows a malicious actor to deploy malicious elements on a page and force users to activate them through a...

CVSS: 4.3, AI score: 5.5, EPSS: 0.00838
Exploits: 0, References: 2
Openbugbounty
added 2016/02/04 5:40 p.m., 8 views

garrisonexcelsior.com IFRAME Injection vulnerability

Vulnerable URL: http://www.garrisonexcelsior.com/redirect.php?url=https://xssposed.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 10989212 Google Pagerank| 2 VIP...

AI score: 7.2
Exploits: 0
Openbugbounty
added 2016/01/21 1:56 a.m., 10 views

cetoday.ch IFRAME Injection vulnerability

Vulnerable URL: http://www.cetoday.ch/de-CH/News/2015/10/30/Gopro-muss-bluten.aspx?exURL=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 15:29 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly...

AI score: 7.3
Exploits: 0
Openbugbounty
added 2016/01/21 1:54 a.m., 7 views

it-markt.ch IFRAME Injection vulnerability

Vulnerable URL: http://www.it-markt.ch/News/2014/09/17/Vesa-stellt-neue-Audio-Video-Schnittstelle-vor.aspx?exURL=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 15:29 GMT Vulnerability type:| IFRAME Injection...

AI score: 7.3
Exploits: 0
Openbugbounty
added 2016/01/20 12:33 a.m., 152 views

bbs.clubplanet.com IFRAME Injection vulnerability

Vulnerable URL: http://bbs.clubplanet.com/cgi-bin/redirect.cgi?url=http://www.xssposed.org Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 15:18 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank|...

AI score: 7.3
Exploits: 0
Openbugbounty
added 2016/01/18 1:34 p.m., 8 views

transportation.buaa.edu.cn IFRAME Injection vulnerability

Open Bug Bounty ID: OBB-125846 Description| Value ---|--- Affected Website:| transportation.buaa.edu.cn Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...

AI score: 6.7
Exploits: 0
Openbugbounty
added 2016/01/18 1:30 p.m., 20 views

dj.yangling.cc IFRAME Injection vulnerability

Vulnerable URL: http://dj.yangling.cc/Redirect.aspx?url=https://xssposed.org/ Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 12:44 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...

AI score: 7.3
Exploits: 0