5124 matches found
CVE-2015-1300
The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive...
CVE-2015-1300
Removed by vendor...
CVE-2015-1291
Removed by vendor...
chromium-browser: Information leak in Blink
The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive...
chromium-browser: Cross-origin bypass in DOM
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web...
UBUNTU-CVE-2015-1300
The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive...
CVE-2015-1291
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web...
X (Formerly Twitter): Highly wormable clickjacking in player card
Hi, I would like to report an issue where player card is vulnerable to clickjacking in certain browsers. This may result in something similar to XSS worm and many other critical damages. Details Twitter Player Card allows a website to embed a custom playerhtml into an iframe in a tweet. There are...
Analysis of the latest Firefox 0day attack - vulnerability warning - the black bar safety net
On August 6, the Mozilla Foundation released a Firefox security update to fix the CVE-2015-4495 vulnerability in pdf.js, Firefox's embedded PDF reader. The vulnerability allows an attacker to bypass the same origin policy, in the local...
iframe <= 3.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)
The iframe WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability...
WordPress iFrame Plugin <= 3.0 - Cross Site Scripting
This plugin is prone to a cross site scripting attack when the “get_params_from_url” option is used in the iFrame shortcode. It allows attackers to do anything that admin can. Solution: Upgrade this plugin...
WordPress iframe 3.0 Stored Cross Site Scripting
Details ================ Software: iframe Version: 3.0 Homepage: http://wordpress.org/plugins/iframe/ Advisory report: https://security.dxw.com/advisories/stored-xss-in-iframe-allows-less-privileged-users-to-do-almost-anything-an-admin-can/ CVE: Awaiting assignment CVSS: 5.5 Medium;...
WordPress iframe 3.0 Reflective Cross Site Scripting
Details ================ Software: iframe Version: 3.0 Homepage: http://wordpress.org/plugins/iframe/ Advisory report: https://security.dxw.com/advisories/reflected-xss-in-iframe-allows-unauthenticated-users-to-do-almost-anything-an-admin-can/ CVE: Awaiting assignment CVSS: 5.8 Medium;...
The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure.
The vulnerability of the LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in the Google Chrome browser component exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to trigger a service failure by using a specially crafted Java scrip...
CVE-2015-1284
Removed by vendor...
sodocos-for-animals.com IFRAME Injection vulnerability
Vulnerable URL: http://www.sodocos-for-animals.com/fr/boutique/chats/page.php?page=https://xssposed.org/
Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 25.07.2017
Vulnerability type:| IFRAME Injection
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not...
kastoria.teikoz.gr IFRAME Injection vulnerability
Vulnerable URL: http://kastoria.teikoz.gr/inf/pages/page.php?page=https://xssposed.org/&IFRAMEINJECTION
Details:

Description| Value
---|---
Patched:| Yes, at 25.07.2017
Latest check for patch:| 25.07.2017 13:06 GMT
Vulnerability type:| IFRAME Injection
Vulnerability status:| Publicly disclosed...
UBUNTU-CVE-2015-1284
The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly...
carmf.fr IFRAME Injection vulnerability
Vulnerable URL: http://www.carmf.fr/page.php?page=https://xssposed.org/
Details:

Description| Value
---|---
Patched:| Yes, at 25.07.2017
Latest check for patch:| 25.07.2017 12:47 GMT
Vulnerability type:| IFRAME Injection
Vulnerability status:| Publicly disclosed
Alexa Rank| 1199299
Google Pageran...
namf.ca IFRAME Injection vulnerability
Vulnerable URL: http://www.namf.ca/new/sub-page.php?page=https://xssposed.org/&Thisisaniframeinjectionbutxssposedsetxframeoptionswhichkeepitfromloading
Details:

Description| Value
---|---
Patched:| Yes, at 30.01.2016
Latest check for patch:| 30.01.2016 21:20 GMT
Vulnerability type:| IFRAME...