5125 matches found
bookstore.franciscan.edu IFRAME Injection vulnerability
Vulnerable URL: http://bookstore.franciscan.edu/ePOS/form="robots/item.htmlnumber=W43134=421=421 Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 17:58 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Ran...
CVE-2016-1955
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy CSP violation report that contains path information associated with an IFRAME element...
CVE-2016-1967
Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls aft...
CSP reports fail to strip location information for embedded iframe pages — Mozilla
Security researcher Muneaki Nishimura nishimunea of Recruit Technologies Co.,Ltd. reported that Content Security Policy CSP violation reports contained full path information for cross-origin iframe navigations in violation of the CSP specification. This could result in information disclosure...
UBUNTU-CVE-2016-1955
Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy CSP violation report that contains path information associated with an IFRAME element...
UBUNTU-CVE-2016-1967
Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls aft...
With the Edge of the user's attention! WinRT PDF the presence of vulnerabilities or hacking-vulnerability warning-the black bar safety net
Use the Edge browser users to pay attention to the browser before the date is considered to exist a certain security risk, may be exploited by hackers jeopardize computer security. IBM X-Force Advanced research team of security experts Mark Vincent Yason said, Win10 in the WinRT PDF the presence...
mexicoescultura.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-138678 Description| Value ---|--- Affected Website:| mexicoescultura.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
globalplanesearch.com IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-138207 Description| Value ---|--- Affected Website:| globalplanesearch.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention...
joinolx.com IFRAME Injection vulnerability
Vulnerable URL: http://www.joinolx.com/careers/search Details: Description| Value ---|--- Patched:| Yes, at 15.08.2016 Latest check for patch:| 15.08.2016 14:55 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 38790 Google Pagerank| 0 VIP website...
ownCloud: owncloud.com: Persistent XSS In Account Profile
Quotation marks are not sanitized in one of the HTML tags inside of the profile when dealing with first & last names. It is an tag. In the attached PoC screenshot, I included a functional first name that triggers an alert call. Inside, I pasted the HTML tag where it breaks. I don't know owncloud...
Zomato: Two XSS vulns in widget parameters (all_collections.php and o2.php)
I have found two additional possibilities of XSS attacks via the widget API endpoints: https://www.zomato.com/widgets/allcollections.php and https://www.zomato.com/widgets/o2.php https://www.zomato.com/widgets/allcollections.php has a vulnerable cityid parameter that does not filter html or...
Zomato: XSS via modified Zomato widget (res_search_widget.php)
Table of Contents: 1. Short Description of Security Issue 2. Proof of Concept 1. Short Description of Security Issue The widget API endpoint at https://www.zomato.com/widgets/ressearchwidget.php is vulnerable to XSS in the languageid parameter. An attacker can create a web page that includes a...
The vulnerability of the Cisco Firepower Extensible Operating System allows a hacker to deploy malicious elements on the page and force the user to activate them.
The vulnerability of the Cisco Firepower Extensible Operating System’s web interface is related to the lack of restrictions on the use of IFRAME elements. Exploiting this vulnerability allows a malicious actor to deploy malicious elements on a page and force users to activate them through a...
garrisonexcelsior.com IFRAME Injection vulnerability
Vulnerable URL: http://www.garrisonexcelsior.com/redirect.php?url=https://xssposed.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| 10989212 Google Pagerank| 2 VIP...
cetoday.ch IFRAME Injection vulnerability
Vulnerable URL: http://www.cetoday.ch/de-CH/News/2015/10/30/Gopro-muss-bluten.aspx?exURL=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 15:29 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly...
it-markt.ch IFRAME Injection vulnerability
Vulnerable URL: http://www.it-markt.ch/News/2014/09/17/Vesa-stellt-neue-Audio-Video-Schnittstelle-vor.aspx?exURL=https://www.xssposed.org/ Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 15:29 GMT Vulnerability type:| IFRAME Injection...
bbs.clubplanet.com IFRAME Injection vulnerability
Vulnerable URL: http://bbs.clubplanet.com/cgi-bin/redirect.cgi?url=http://www.xssposed.org Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 15:18 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank|...
transportation.buaa.edu.cn IFRAME Injection vulnerability
Open Bug Bounty ID: OBB-125846 Description| Value ---|--- Affected Website:| transportation.buaa.edu.cn Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Iframe Injection / CWE-79 CVSSv3 Score:| 6.1...
dj.yangling.cc IFRAME Injection vulnerability
Vulnerable URL: http://dj.yangling.cc/Redirect.aspx?url=https://xssposed.org/ Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 12:44 GMT Vulnerability type:| IFRAME Injection Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...