20 matches found
CVE-2025-55126
HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...
CVE-2025-55126
HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...
CVE-2025-55126
Revive Adserver is affected by a stored XSS in the navigation/advertiser pages where campaign names are stored and later rendered without escaping. The vulnerability is exploitable by a low-privilege authenticated user who can store HTML/JS in campaign names via the admin Inventory → Banners adve...
EUVD-2023-33082
Malicious code in bioql PyPI...
CVE-2023-29540
Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
Code injection
Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...
Open Redirect
firefox is vulnerable to Open Redirect. The vulnerability exists when a redirect embedded into sourceMappingUrls could allow navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols...
SUSE CVE-2022-34474
Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox 102...
CVE-2022-34474
Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox 102...
DEBIAN-CVE-2022-29911
An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...
UBUNTU-CVE-2022-34474
Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox 102...
Mozilla: iframe Sandbox bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox not protecting against top-level navigations for an iframe sandbox with a policy relaxed through a keyword likely to allow top-navigation-by-user-activation...
Mozilla: iframe Sandbox bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox not protecting against top-level navigations for an iframe sandbox with a policy relaxed through a keyword likely to allow top-navigation-by-user-activation...
Mozilla: iframe Sandbox bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox not protecting against top-level navigations for an iframe sandbox with a policy relaxed through a keyword likely to allow top-navigation-by-user-activation...
Mozilla: iframe Sandbox bypass
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox not protecting against top-level navigations for an iframe sandbox with a policy relaxed through a keyword likely to allow top-navigation-by-user-activation...
Mozilla Firefox 安全特征问题漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a security signature issue vulnerability that stems from improper protection of top-level navigation in the iframe sandbox, which relaxes policies for keywords such as...
Mozilla: iframe sandbox rules did not apply to XSLT stylesheets
The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...
Cross site scripting
CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL...
CVE-2019-15499
CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL...
PT-2017-10689 · Nextcloud · Nextcloud Server
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 9.0.55 Nextcloud Server versions prior to 10.0.2 Description: The issue concerns a Content-Spoofing vulnerability in the files app. It allows for partially user-controllable input in the top navigation bar o...