355 matches found
EUVD-2023-51872
Malicious code in bioql PyPI...
EUVD-2023-58349
Malicious code in bioql PyPI...
EUVD-2024-39265
Malicious code in bioql PyPI...
EUVD-2022-5498
Malicious code in bioql PyPI...
EUVD-2022-27698
Malicious code in bioql PyPI...
CVE-2025-57117
A Clickjacking vulnerability exists in Rems' Employee Management System 1.0. This flaw allows remote attackers to execute arbitrary JavaScript on the department.php page by injecting a malicious payload into the Department Name field under Add Department...
RLSA-2025:8756 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link CVE-2025-3909 thunderbird: Sender Spoofing via Malformed From Header in Thunderbird CVE-2025-3875 thunderbird: Unsolicited File Download,...
RLSA-2025:8308 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details CVE-2025-5267 firefox: thunderbird: Potential local code execution ...
TP-Link Archer C1200 vulnerable to clickjacking
Overview Archer C1200 provided by TP-Link Systems Inc. contains the following vulnerability. Clickjacking CWE-1021 - CVE-2025-6983 Daimon Kawashima reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a user...
JVN#39913189: TP-Link Archer C1200 vulnerable to clickjacking
Archer C1200 provided by TP-Link Systems Inc. contains the following vulnerability. Clickjacking CWE-1021 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N Base Score 5.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3 CVE-2025-6983 Impact If a user views a malicious pag...
Clickjacking
@haxtheweb/haxcms-nodejs and elmsln/haxcms are vulnerable to Clickjacking. The vulnerability is due to missing anti-framing headers caused by the absence of X-Frame-Options or equivalent headers in both the CMS and generated sites, allowing unauthenticated attackers to embed sensitive pages in...
CVE-2025-54139
HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an...
CVE-2025-54139 HAX CMS' application pages are vulnerable to clickjacking
HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an...
CVE-2025-54139 HAX CMS' application pages are vulnerable to clickjacking
HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an...
CVE-2025-54139
CVE-2025-54139 affects HAX CMS NodeJS and PHP backends. Versions haxcms-nodejs ≤ 11.0.12 and haxcms-php ≤ 11.0.7 expose pages without anti-iframe headers, enabling unauthenticated attackers to load sensitive pages (including login) in an iframe and perform a UI redress (clickjacking). Impact is U...
HAX CMS application pages vulnerable to clickjacking
Summary All pages within the HAX CMS application do not contain headers to stop other websites from loading the site within an iframe. This applies to both the CMS and generated sites. PoC To replicate this vulnerability, load the target page in an iframe and observe the rendered content. Impact ...
GHSA-54VW-F4XF-F92J HAX CMS application pages vulnerable to clickjacking
Summary All pages within the HAX CMS application do not contain headers to stop other websites from loading the site within an iframe. This applies to both the CMS and generated sites. PoC To replicate this vulnerability, load the target page in an iframe and observe the rendered content. Impact ...
PT-2025-30361 · Hax Cms · Hax Cms
Name of the Vulnerable Software and Affected Versions: HAX CMS versions 11.0.7 and below PHP HAX CMS versions 11.0.12 and below NodeJS Description: HAX CMS does not include headers to prevent websites from loading the application within an iframe. This affects both the CMS and generated sites. An...
CVE-2025-6983
A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via rendered UI layers or frames.This issue affects Archer C1200 = 1.1.5...
CVE-2025-6983
A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via rendered UI layers or frames.This issue affects Archer C1200 = 1.1.5...