Lucene search
+L

20 matches found

osv
osv
added 2025/11/20 7:16 p.m.7 views

CVE-2025-55126

HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

6.5CVSS5.8AI score0.00184EPSS
Exploits1References1
cvelist
cvelist
added 2025/11/20 7:7 p.m.15 views

CVE-2025-55126

HackerOne community member Dang Hung Vi vidang04 has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the vector for the stored XSS...

6.5CVSS0.00184EPSS
Exploits1References1
cve
cve
added 2025/11/20 7:7 p.m.14 views

CVE-2025-55126

Revive Adserver is affected by a stored XSS in the navigation/advertiser pages where campaign names are stored and later rendered without escaping. The vulnerability is exploitable by a low-privilege authenticated user who can store HTML/JS in campaign names via the admin Inventory → Banners adve...

6.5CVSS5.8AI score0.00184EPSS
Exploits1References1Affected Software1
euvd
euvd
added 2025/10/03 8:7 p.m.13 views

EUVD-2023-33082

Malicious code in bioql PyPI...

6.1CVSS7.8AI score0.00315EPSS
Exploits0References2
nvd
nvd
added 2023/06/02 5:15 p.m.20 views

CVE-2023-29540

Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

6.1CVSS5.5AI score0.00315EPSS
Exploits0References2
prion
prion
added 2023/06/02 5:15 p.m.33 views

Code injection

Using a redirect embedded into sourceMappingUrls could allow for navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

5.8CVSS6.2AI score0.00315EPSS
Exploits0References2Affected Software2
veracode
veracode
added 2023/04/20 9:38 a.m.31 views

Open Redirect

firefox is vulnerable to Open Redirect. The vulnerability exists when a redirect embedded into sourceMappingUrls could allow navigation to external protocol links in sandboxed iframes without allow-top-navigation-to-custom-protocols...

6.1CVSS5.9AI score0.00315EPSS
Exploits0References3Affected Software3
susecve
susecve
added 2023/02/15 3:24 a.m.6 views

SUSE CVE-2022-34474

Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox 102...

6.1CVSS8.3AI score0.00406EPSS
Exploits0References7
osv
osv
added 2022/12/22 8:15 p.m.3 views

CVE-2022-34474

Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox 102...

6.1CVSS7.3AI score0.00406EPSS
Exploits0References2
osv
osv
added 2022/12/22 8:15 p.m.1 views

DEBIAN-CVE-2022-29911

An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

6.1CVSS7.3AI score0.00561EPSS
Exploits0References1
osv
osv
added 2022/07/05 12:0 a.m.4 views

UBUNTU-CVE-2022-34474

Even when an iframe was sandboxed with allow-top-navigation-by-user-activation, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox 102...

6.1CVSS7.1AI score0.00406EPSS
Exploits0References4
redhat
redhat
added 2022/05/18 1:29 a.m.6 views

Mozilla: iframe Sandbox bypass

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox not protecting against top-level navigations for an iframe sandbox with a policy relaxed through a keyword likely to allow top-navigation-by-user-activation...

6.1CVSS7.2AI score0.00561EPSS
Exploits0References4
redhat
redhat
added 2022/05/05 2:36 p.m.5 views

Mozilla: iframe Sandbox bypass

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox not protecting against top-level navigations for an iframe sandbox with a policy relaxed through a keyword likely to allow top-navigation-by-user-activation...

6.1CVSS7.2AI score0.00561EPSS
Exploits0References4
redhat
redhat
added 2022/05/05 2:6 p.m.5 views

Mozilla: iframe Sandbox bypass

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox not protecting against top-level navigations for an iframe sandbox with a policy relaxed through a keyword likely to allow top-navigation-by-user-activation...

6.1CVSS7.2AI score0.00561EPSS
Exploits0References4
redhat
redhat
added 2022/05/05 1:50 p.m.4 views

Mozilla: iframe Sandbox bypass

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of Firefox not protecting against top-level navigations for an iframe sandbox with a policy relaxed through a keyword likely to allow top-navigation-by-user-activation...

6.1CVSS7.2AI score0.00561EPSS
Exploits0References4
cnnvd
cnnvd
added 2022/05/03 12:0 a.m.3 views

Mozilla Firefox 安全特征问题漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a security signature issue vulnerability that stems from improper protection of top-level navigation in the iframe sandbox, which relaxes policies for keywords such as...

6.1CVSS7.7AI score0.00561EPSS
Exploits0References19
redhat
redhat
added 2021/11/04 4:47 p.m.3 views

Mozilla: iframe sandbox rules did not apply to XSLT stylesheets

The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...

10CVSS7.3AI score0.0383EPSS
Exploits0References4
prion
prion
added 2019/08/23 4:15 a.m.22 views

Cross site scripting

CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL...

4.3CVSS5.9AI score0.00857EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2019/08/23 3:19 a.m.19 views

CVE-2019-15499

CodiMD 1.3.1, when Safari is used, allows XSS via an IFRAME element with allow-top-navigation in the sandbox attribute, in conjunction with a data: URL...

6.1AI score0.00857EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2017/04/05 12:0 a.m.15 views

PT-2017-10689 · Nextcloud · Nextcloud Server

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 9.0.55 Nextcloud Server versions prior to 10.0.2 Description: The issue concerns a Content-Spoofing vulnerability in the files app. It allows for partially user-controllable input in the top navigation bar o...

4.3CVSS4.9AI score0.01537EPSS
Exploits0References6
Rows per page
Query Builder