{"vulnerability": "cve-2018-25081", "sightings": [{"uuid": "ed793ce5-54f9-4c68-b1c9-429c0011c4e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2018-25081", "type": "seen", "source": "https://t.me/cibsecurity/59712", "content": "\u203c CVE-2018-25081 \u203c\n\n** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that \"Auto-fill on page load\" is not enabled by default.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-09T02:23:34.000000Z"}]}