MAL-2025-22990 Malicious code in iframed (npm)

The package iframed was found to contain malicious code...

Malicious code in iframed (npm)

The package iframed was found to contain malicious code...

PT-2023-18847 · Connectwise · Connectwise Automate

Name of the Vulnerable Software and Affected Versions: Connectwise Automate version 2022.11 Description: The issue allows the login screen to be iframed, potentially manipulating users into performing unintended actions. The vendor claims that a Content-Security-Policy HTTP response header is...

Mozilla Firefox WYCIWYG:// URI绕过缓存区限制漏洞

BUGTRAQ ID: 24831 Mozilla Firefox是一款非常流行的开源WEB浏览器。 Firefox实现的wyciwyg://伪URI资源类型的访问控制存在漏洞，远程攻击者可能利用此漏洞获取Web浏览器相关的敏感信息。 wyciwyg://伪URI资源类型用于整理和引用本地所缓存的页面，但wyciwyg:// URI的访问控制并不充分，用户可通过XMLHttpRequest或IFRAMEd view-source:访问所缓存的文档。尽管仍正确地实现同域策略，但恶意站点可以绕过cookie设置向用户计算机存储任意标记；如果结合HTTP...