Lucene search
K

49 matches found

0day.today
0day.today
added 2019/10/28 12:0 a.m.61 views

WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed Exploit

VULNERABILITY DETAILS HTMLFrameElementBase.cpp: bool HTMLFrameElementBase::isURLAllowed const if mURL.isEmpty // 4 return true; return isURLAlloweddocument.completeURLmURL; bool HTMLFrameElementBase::isURLAllowedconst URL& completeURL const if document.page && document.page-subframeCount =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/10/28 12:0 a.m.168 views

WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed

VULNERABILITY DETAILS HTMLFrameElementBase.cpp: bool HTMLFrameElementBase::isURLAllowed const if mURL.isEmpty // 4 return true; return isURLAlloweddocument.completeURLmURL; bool HTMLFrameElementBase::isURLAllowedconst URL& completeURL const if document.page && document.page-subframeCount =...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2017/06/01 12:0 a.m.74 views

WebKit CachedFrame Universal Cross Site Scripting

WebKit: UXSS: CachedFrame doesn't detach openers CVE-2017-2528 When a document loads "about:blank" or "about:srcdoc", it tries to inherit the security origin from its parent frame, or its opener frame if the parent frame doesn't exist. Normally, it doesn't happen that a subframe's document inheri...

4.3CVSS6.6AI score0.02025EPSS
Exploits3
Exploit DB
Exploit DB
added 2017/04/04 12:0 a.m.53 views

Apple WebKit 10.0.2 (12602.3.12.0.1) - 'disconnectSubframes' Universal Cross-Site Scripting

frameOwners; if policy == RootAndDescendants if isroot frameOwners.appenddowncastroot; collectFrameOwnersframeOwners, root; // Must disable frame loading in the subtree so an unload handler cannot // insert more frames and create loaded frames in detached subtrees. SubframeLoadingDisabler...

7.4AI score
Exploits0
OSV
OSV
added 2016/07/23 7:59 p.m.2 views

CVE-2016-5132

The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...

8.8CVSS7.3AI score0.01465EPSS
Exploits0References17
OSV
OSV
added 2016/07/23 12:0 a.m.3 views

UBUNTU-CVE-2016-5132

The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...

8.8CVSS7.3AI score0.01465EPSS
Exploits0References4
OSV
OSV
added 2016/05/14 9:59 p.m.3 views

CVE-2016-1664

The HistoryController::UpdateForCommit function in content/renderer/historycontroller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web sit...

4.3CVSS6.8AI score0.0098EPSS
Exploits0References11
NVD
NVD
added 2016/05/14 9:59 p.m.15 views

CVE-2016-1664

The HistoryController::UpdateForCommit function in content/renderer/historycontroller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web sit...

4.3CVSS5.8AI score0.0098EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2016/05/02 12:36 p.m.5 views

chromium-browser: address bar spoofing

The HistoryController::UpdateForCommit function in content/renderer/historycontroller.cc in Google Chrome before 50.0.2661.94 mishandles the interaction between subframe forward navigations and other forward navigations, which allows remote attackers to spoof the address bar via a crafted web sit...

4.3CVSS7.4AI score0.0098EPSS
Exploits0References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

Internet Explorer 4.1/5.0/4.0.1 Subframe Spoofing Vulnerability

No description provided by source. Internet Explorer 4.1 for Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.0 for Windows 95/Windows 98/Windows NT 4,Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0 Subframe Spoofing Vulnerability source: http://www.securityfocus.com/bid/855/info IE's...

7.1AI score
Exploits0
NVD
NVD
added 2013/12/18 4:4 p.m.17 views

CVE-2013-5227

Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields...

6.4CVSS6.2AI score0.02259EPSS
Exploits1References6
Prion
Prion
added 2013/12/18 4:4 p.m.20 views

Design/Logic Flaw

Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields...

6.4CVSS6.7AI score0.02259EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2013/12/18 11:0 a.m.26 views

CVE-2013-5227

Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields...

6.2AI score0.02259EPSS
Exploits1References6
CVE
CVE
added 2013/12/18 11:0 a.m.68 views

CVE-2013-5227

CVE-2013-5227 (Safari autofill origin tracking) affects Apple Safari, where remote attackers could bypass Same Origin Policy and discover credentials by triggering autofill of subframe form fields. The vulnerability is described as: Safari may autofill user names and passwords into a subframe fro...

6.4CVSS6.2AI score0.02259EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2012/02/16 8:55 p.m.15 views

CVE-2011-3021

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading...

7.5CVSS6.9AI score0.01881EPSS
Exploits1References10
UbuntuCve
UbuntuCve
added 2012/02/16 8:55 p.m.21 views

CVE-2011-3021

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading...

7.5CVSS7.2AI score0.01881EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2012/02/16 8:55 p.m.3 views

CVE-2011-3021

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading...

7.5CVSS5.9AI score0.01881EPSS
Exploits1References11
Prion
Prion
added 2012/02/16 8:55 p.m.22 views

Design/Logic Flaw

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading...

7.5CVSS7.6AI score0.01881EPSS
Exploits1References10Affected Software4
OSV
OSV
added 2012/02/16 8:55 p.m.6 views

UBUNTU-CVE-2011-3021

Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to subframe loading...

7.5CVSS7.4AI score0.01881EPSS
Exploits1References2
CVE
CVE
added 2012/02/16 8:0 p.m.64 views

CVE-2011-3021

CVE-2011-3021 affects Google Chrome up to version 17.0.963.56, where a use-after-free in the subframe loading path allows remote attackers to cause a denial of service and potentially other impacts. The issue is triggered via subframe loading vectors and is described as a use-after-free vulnerabi...

7.5CVSS7AI score0.01881EPSS
Exploits1References10Affected Software1
Rows per page
Query Builder