Lucene search

5124 matches found

CNVD
added 2016/01/13 12:0 a.m., 3 views

WordPress Titan Framework Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports personal blog sites on servers with PHP and MySQL. Titan Framework is one of its plug-ins, used by developers to create administrative pages. A cross-site scripting...

6.1 CVSS, 6.3 AI score, 0.01154 EPSS
Exploits 0, References 1
seebug.org
added 2016/01/07 12:0 a.m., 17 views

WordPress plugin iframe cross-site scripting vulnerability

No description provided by source...

7.1 AI score
Exploits 0
Cisco
added 2016/01/05 7:30 a.m., 43 views

Cisco Prime Infrastructure Frame Injection Vulnerability

A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an...

4.3 CVSS, 5 AI score, 0.00875 EPSS
Exploits 0, References 1
CNVD
added 2016/01/04 12:0 a.m., 1 views

Wordpress plugin iframe HTML injection vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up a personal blog site on servers with PHP and MySQL. The iframe plugin is a plugin that allows external URLs to be loaded into an iframe in a pop-up layer. Wordpress...

7.3 AI score
Exploits 0, References 1
CNVD
added 2016/01/04 12:0 a.m., 2 views

Wordpress plugin iframe cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up a personal blog site on servers with PHP and MySQL. The iframe plugin is a plugin that allows external URLs to be loaded into an iframe in a pop-up layer. A cross-site...

6.1 AI score
Exploits 0, References 1
Openbugbounty
added 2016/01/03 5:54 a.m., 8 views

uk.ask.com IFRAME Injection vulnerability

Vulnerable URL: http://uk.ask.com/fr?u=http://xssposed.org/

Details:

Description | Value
---|---
Patched: | Yes, at 27.03.2016
Latest check for patch: | 27.03.2016 06:27 GMT
Vulnerability type: | IFRAME Injection
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
Google...

7.3 AI score
Exploits 0
Mozilla
added 2015/12/30 12:0 a.m., 37 views

HTML injection in homescreen app bypassing DOM sanitizer — Mozilla

Mozilla fixed a bug in the l10n localization of the default homescreen app of Firefox OS reported by security researcher Muneaki Nishimura. Exploiting this issue requires tricking the user into bookmarking a specially crafted web page via the 'Add to home screen' functionality. As a result, an...

6.1 CVSS, 6.2 AI score, 0.00663 EPSS
Exploits 0, References 2, Affected Software 1
CNVD
added 2015/12/18 12:0 a.m., 1 views

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2015-08315)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 43.0, which stems from the program's failure to properly limit the availability of time information in the IFRAME Resource...

5 CVSS, 8.9 AI score, 0.02804 EPSS
Exploits 0, References 1
Japan Vulnerability Notes
added 2015/12/17 6:19 a.m., 1 views

Adobe Flash Player issue where iframe contents may be overwritten

Overview: Adobe Flash Player contains an issue where the same-origin policy may be bypassed leading to iframe contents being overwritten. Tokuji Akamine reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...

5.8 CVSS, 6.5 AI score, 0.04308 EPSS
Exploits 0, References 13
Japan Vulnerability Notes
added 2015/12/17 12:0 a.m., 31 views

JVN#22533124: Adobe Flash Player issue where iframe contents may be overwritten

Adobe Flash Player contains an issue where the same-origin policy may be bypassed leading to iframe contents being overwritten. Impact: Processing specially crafted Flash content may lead to iframe contents being overwritten. Solution: Apply an Update. Update to the latest version according to the...

5 CVSS, 7.5 AI score, 0.04308 EPSS
Exploits 0
OSV
added 2015/12/15 12:0 a.m., 2 views

UBUNTU-CVE-2015-7207

Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a...

5 CVSS, 7 AI score, 0.02804 EPSS
Exploits 0, References 4
UbuntuCve
added 2015/12/15 12:0 a.m., 23 views

CVE-2015-7207

Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls, a...

5 CVSS, 7 AI score, 0.02804 EPSS
Exploits 0, References 3
0day.today
added 2015/12/13 12:0 a.m., 74 views

Intellect Core Cross Site Scripting Vulnerability

Intellect Core banking software suffers from a cross site scripting vulnerability.

Vendor: Intellect Design Arena Polaris
Product: Intellect Core banking software Armar module
Vulnerability Type: Cross site scripting - XSS
CVE...

4.3 CVSS, 6.3 AI score, 0.00783 EPSS
Exploits 3
Hacker One
added 2015/12/07 10:53 p.m., 26 views

Khan Academy: Escaping the iframe via exceptions

You can throw an object with an html property to run arbitrary js. Here is an example program that modifies a user's profile. I made the program as private as possible by saving it with nouser and drawing nothing in the hopes that it will be ignored, but if you want me to delete it, I will. The...

2.4 AI score
Exploits 0
Openbugbounty
added 2015/12/07 8:45 a.m., 9 views

kolhapurhelpline.com IFRAME Injection vulnerability

Vulnerable URL: http://www.kolhapurhelpline.com/website.php?website=https://www.xssposed.org/

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 26.07.2017
Vulnerability type: | IFRAME Injection
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated...

7.3 AI score
Exploits 0
CVE
added 2015/11/19 2:0 a.m., 53 views

CVE-2015-6374

The CVE-2015-6374 vulnerability affects Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices, where the web interface inadequately restricts IFRAME usage. The root cause is insufficient input sanitization of iframe data in HTTP requests, enabling remote attackers to pe...

4.3 CVSS, 6.9 AI score, 0.00838 EPSS
Exploits 0, References 1, Affected Software 1
Cisco
added 2015/11/17 9:46 p.m., 36 views

Cisco Firepower 9000 Series Switch Clickjacking Vulnerability

A vulnerability in the web interface of the Cisco Firepower 9000 Series Switch could allow an unauthenticated, remote attacker to affect the integrity of the device through a clickjacking or phishing attack. The vulnerability is due to the lack of proper input sanitization of iFrame data in the HT...

5 CVSS, 6.6 AI score, 0.00838 EPSS
Exploits 0, References 1
seebug.org
added 2015/11/17 12:0 a.m., 172 views

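Android Browser application denial-of-service vulnerability

The Android 4.0.3 browser application does not correctly handle special URIs, allowing an attacker to use a specially crafted market: URI in the SRC attribute of an IFRAME element and trick the application into parsing it, which can crash the application. Test method: var mframe = ""; forvar i = 0; i...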

7 AI score
Exploits 0
RedhatCVE
added 2015/10/30 9:25 a.m., 21 views

CVE-2007-5896

Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI...

7.1 CVSS, 7.4 AI score, 0.01174 EPSS
Exploits 0, References 2
CNVD
added 2015/10/30 12:0 a.m., 3 views

Red Hat Enterprise Application Platform Clickjacking Attack Vulnerability

Red Hat Enterprise Application Platform is an open source, J2EE-based middleware platform from Red Hat, Inc. of the United States, mainly used to build, deploy and host Java applications and services. A clickjacking attack vulnerability exists in Red Hat Enterprise Application...

4.3 CVSS, 6.7 AI score, 0.01743 EPSS
Exploits 0, References 1