Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
iframe project iframe vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-3771
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
Statics-server Project Statics-server
4.3
CVSSv2
CVE-2021-3660
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks.
Cockpit-project Cockpit
Redhat Enterprise Linux 8.0
4.3
CVSSv2
CVE-2018-3748
There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. File name, which contains malicious HTML (eg. embedded iframe element or javascript: pseudo-protocol handler in <a> element) allows to execute JavaScript code against any user who opens a di...
Glance Project Glance 3.0.5
4.3
CVSSv2
CVE-2021-34649
The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `dark` parameter in the ~/titan-framework/iframe-font-preview.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 0.2.
Simple-behace-portfolio Project Simple-behace-portfolio
4.3
CVSSv2
CVE-2021-38338
The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1....
Border Loading Bar Project Border Loading Bar
6.8
CVSSv2
CVE-2020-24772
In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that requ...
Clash Project Clash 0.11.4
3.5
CVSSv2
CVE-2019-1010310
GLPI GLPI Product 9.3.1 is affected by: Frame and Form tags Injection allowing admins to phish users by putting code in reminder description. The impact is: Admins can phish any user or group of users for credentials / credit cards. The component is: Tools > Reminder > Desc...
Glpi-project Glpi 9.3.1
4.3
CVSSv2
CVE-2007-3089
Mozilla Firefox prior to 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote malicious users to display arbitrary HTML or execute certain JavaScript code, as demonstrated by ...
Mozilla Firefox 1.0
Mozilla Firefox 1.0.1
Mozilla Firefox 1.0.8
Mozilla Firefox 0.8
Mozilla Firefox 0.9
Mozilla Firefox 0.9.1
Mozilla Firefox 1.0.4
Mozilla Firefox 1.0.5
Mozilla Firefox 1.5.0.11
Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.1
Mozilla Firefox 1.5.2
Mozilla Firefox 2.0
Mozilla Firefox 2.0.0.1
Mozilla Firefox 0.10
Mozilla Firefox 0.10.1
Mozilla Firefox 1.0.2
Mozilla Firefox 1.0.3
Mozilla Firefox 1.5.0.1
Mozilla Firefox 1.5.0.10
Mozilla Firefox 1.5.0.7
Mozilla Firefox 1.5.0.8
6.8
CVSSv2
CVE-2020-4054
In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or sv...
Sanitize Project Sanitize
6.8
CVSSv2
CVE-2021-32810
crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions before 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are forgo...
Crossbeam Project Crossbeam
Fedoraproject Fedora 34
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »