Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
iframe project iframe vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2018-3771
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
Statics-server Project Statics-server
383
VMScore
CVE-2021-3660
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks.
Cockpit-project Cockpit
Redhat Enterprise Linux 8.0
383
VMScore
CVE-2018-3748
There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. File name, which contains malicious HTML (eg. embedded iframe element or javascript: pseudo-protocol handler in <a> element) allows to execute JavaScript code against any user who opens a di...
Glance Project Glance 3.0.5
383
VMScore
CVE-2021-34649
The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `dark` parameter in the ~/titan-framework/iframe-font-preview.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 0.2.
Simple-behace-portfolio Project Simple-behace-portfolio
383
VMScore
CVE-2021-38338
The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1....
Border Loading Bar Project Border Loading Bar
605
VMScore
CVE-2020-24772
In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that requ...
Clash Project Clash 0.11.4
312
VMScore
CVE-2019-1010310
GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools > Reminder > Desc...
Glpi-project Glpi 9.3.1
383
VMScore
CVE-2007-3089
Mozilla Firefox prior to 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote malicious users to display arbitrary HTML or execute certain JavaScript code, as demonstrated by ...
Mozilla Firefox 1.0
Mozilla Firefox 1.0.1
Mozilla Firefox 1.0.8
Mozilla Firefox 0.8
Mozilla Firefox 0.9
Mozilla Firefox 0.9.1
Mozilla Firefox 1.0.4
Mozilla Firefox 1.0.5
Mozilla Firefox 1.5.0.11
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.1
Mozilla Firefox 1.5.2
Mozilla Firefox 2.0
Mozilla Firefox 2.0.0.1
Mozilla Firefox 0.10
Mozilla Firefox 0.10.1
Mozilla Firefox 1.0.2
Mozilla Firefox 1.0.3
Mozilla Firefox 1.5.0.1
Mozilla Firefox 1.5.0.10
Mozilla Firefox 1.5.0.7
Mozilla Firefox 1.5.0.8
605
VMScore
CVE-2020-4054
In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or sv...
Sanitize Project Sanitize
605
VMScore
CVE-2021-32810
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions before 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgo...
Crossbeam Project Crossbeam
Fedoraproject Fedora 34
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »