
5124 matches found

Cisco
added 2015/07/14 3:55 p.m. | 27 views

Cisco Identity Services Engine Cross-Frame Scripting Vulnerability

A vulnerability in the web interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a...

CVSS 4.3 | AI score 6.5 | EPSS 0.01164
Exploits 0 | References 1
NVD
added 2015/06/18 6:59 p.m. | 17 views

CVE-2015-4660

Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal 5.0.7961 allows remote attackers to inject arbitrary web script or HTML via the id parameter to iframe.php...

CVSS 4.3 | AI score 6.2 | EPSS 0.02355
Exploits 2 | References 4
CNVD
added 2015/06/12 12:0 a.m. | 3 views

WordPress Encrypted Contact Form plugin cross-site request forgery vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it lets users set up a personal blog site on servers that support PHP and MySQL. Encrypted Contact Form is a WordPress plugin that uses end-to-end encryption to send user information. A...

CVSS 6.8 | AI score 6.5 | EPSS 0.04727
Exploits 5 | References 1
CNVD
added 2015/06/09 12:0 a.m. | 2 views

Eliacom Enhanced SQL Portal 'iframe.php' Cross-Site Scripting Vulnerability

Eliacom Enhanced SQL Portal is a database management system. A cross-site scripting vulnerability in Eliacom Enhanced SQL Portal allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain access to sensitive information or hijack user...

AI score 6.6
Exploits 0 | References 1
securityvulns
added 2015/06/08 12:0 a.m. | 58 views

Enhanced SQL Portal 5.0.7961 XSS Vulnerability

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt Vendor: www.eliacom.com www.eliacom.com/mysql-gui-download.php Product: Enhanced SQL Portal 5.0.7961 web based MySQL administration application. Advisory...

AI score 6.9
Exploits 0
CNVD
added 2015/06/05 12:0 a.m. | 3 views

Multiple Blue Coat Systems SSL Visibility Appliance Products Incorrectly Enter Authentication Vulnerabilities

Blue Coat Systems SSL Visibility Appliance SV800 and others are products of Blue Coat Systems, U.S.A. The Blue Coat SSL Visibility Appliance SV800 is a management platform that provides complete visibility into encrypted traffic. The appliance offers features such as a dedicated encrypted traffic...

CVSS 4.3 | AI score 7 | EPSS 0.01411
Exploits 0 | References 1
Packet Storm
added 2015/06/02 12:0 a.m. | 42 views

Enhanced SQL Portal 5.0.7961 Cross Site Scripting

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ENHSQLPORTAL0602.txt Vendor: www.eliacom.com www.eliacom.com/mysql-gui-download.php Product: Enhanced SQL Portal 5.0.7961 web based MySQL administration...

CVSS 4.3 | AI score 6.8 | EPSS 0.02355
Exploits 2
NVD
added 2015/05/30 7:59 p.m. | 17 views

CVE-2015-2854

The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via vectors involving an IFRAME element...

CVSS 4.3 | AI score 6.5 | EPSS 0.01411
Exploits 0 | References 3
CVE
added 2015/05/30 7:0 p.m. | 52 views

CVE-2015-2854

The CVE-2015-2854 entry concerns Blue Coat SSL Visibility Appliance WebUI (SV800, SV1800, SV2800, SV3800) versions 3.6.x–3.8.3. The root cause is improper X-Frame-Options handling in the WebUI, failing to enforce same-origin policy and enabling clickjacking via crafted IFRAMEs. Impact is remote, ...

CVSS 4.3 | AI score 6.7 | EPSS 0.01411
Exploits 0 | References 3 | Affected Software 1
seebug.org
added 2015/05/29 12:0 a.m. | 32 views

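Stored XSS vulnerability in a plugin for Discuz! X2.0, X2.5, X3.0, X3.1 and X3.2

Brief description: Stored XSS vulnerability in Discuz! X2.0, X2.5, X3.0, X3.1 and X3.2. Details: First take a look at this image... there is a lot of information in it. Everything was installed with default settings. Then, on the front end, click to purchase an ad slot and try inserting the following XSS payload into the text content " But when I captured the request and fuzzed it directly... I saw that the iframe tag was not filtered, so I looked at the ad records in the back end. Proof of vulnerability:...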

AI score 7.1
Exploits 0
Patchstack
added 2015/05/15 12:0 a.m. | 10 views

WordPress IFrame Admin Pages Plugin <= 0.1 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution: Update the plugin...

AI score 2.4
Exploits 0 | References 1 | Affected Software 1
NVD
added 2015/05/14 10:59 a.m. | 15 views

CVE-2015-2718

The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data...

CVSS 4.3 | AI score 8.9 | EPSS 0.02099
Exploits 0 | References 7
Prion
added 2015/05/14 10:59 a.m. | 12 views

Design/Logic Flaw

The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data...

CVSS 4.3 | AI score 6.5 | EPSS 0.02099
Exploits 0 | References 7 | Affected Software 2
UbuntuCve
added 2015/05/13 12:0 a.m. | 21 views

CVE-2015-2718

The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data...

CVSS 4.3 | AI score 7.1 | EPSS 0.02099
Exploits 0 | References 3
OSV
added 2015/05/13 12:0 a.m. | 0 views

UBUNTU-CVE-2015-2718

The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data...

CVSS 4.3 | AI score 7.2 | EPSS 0.02099
Exploits 0 | References 4
Cvelist
added 2015/04/19 10:0 a.m. | 19 views

CVE-2015-1235

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element...

AI score 5.6 | EPSS 0.01648
Exploits 0 | References 10
Debian CVE
added 2015/04/19 10:0 a.m. | 18 views

CVE-2015-1235

Removed by vendor...

CVSS 5 | AI score 9.4 | EPSS 0.01648
Exploits 0
OSV
added 2015/04/19 12:0 a.m. | 0 views

UBUNTU-CVE-2015-1235

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element...

CVSS 5 | AI score 7.3 | EPSS 0.01648
Exploits 0 | References 6
RedHat Linux
added 2015/04/16 8:33 a.m. | 1 views

chromium-browser: Cross-origin-bypass in HTML parser

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element...

CVSS 5 | AI score 7.4 | EPSS 0.01648
Exploits 0 | References 5
Hacker One
added 2015/04/11 3:14 a.m. | 16 views

Coinbase: iframes considered harmful

The Coinbase API offers an iframe payment option. iframes are attractive because they allow Coinbase's customers to give the illusion that the Bitcoin transaction is embedded entirely within the customer's website. But customers can and do refer to that iframe on insecure connections. Hijacking a...

AI score 6.5
Exploits 0