208 matches found
EUVD-2015-6375
Malware in sbrugna...
EUVD-2013-6170
Malware in sbrugna...
EUVD-2016-9825
Malware in sbrugna...
EUVD-2024-0263
Malicious code in bioql PyPI...
EUVD-2025-26496
Malicious code in bioql PyPI...
CVE-2025-41000
Cross-Frame Scripting XFS vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceive...
Improper Restriction of Rendered UI Layers or Frames
Overview Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames via the iframe element. An attacker can execute unauthorized scripts in the context of a user's browser by embedding the application within a malicious frame. Note: This is only...
CVE-2025-41000
Cross-Frame Scripting XFS vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceive...
CVE-2025-41000
Summary: CVE-2025-41000 describes a Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. The vulnerability stems from an XFS-style web attack that can expose user information via JavaScript when the application is embedded in a malicious frame; exploitation is linked to so...
CVE-2025-41000 Cross-Frame Scripting (XFS) in BoomCMS
Cross-Frame Scripting XFS vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceive...
CVE-2025-41000 Cross-Frame Scripting (XFS) in BoomCMS
Cross-Frame Scripting XFS vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceive...
PT-2025-35710
Name of the Vulnerable Software and Affected Versions: BoomCMS version 9.1.4 Description: This issue is a Cross-Frame Scripting XFS vulnerability. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript and relies on social engineering. It is perceived as ...
CVE-2021-24246
The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme did not sanitise the chat messages sent via the workscoutsendmessagechat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues...
CVE-2013-5482
Cisco Prime LAN Management Solution LMS does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting XFS" issue, aka Bug ID CSCug77823...
CVE-2013-6344
The ZCC page in Novell ZENworks Configuration Management ZCM before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors...
CVE-2013-0939
EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a "Cross Frame Scripting"...
CVE-2019-16193
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting XFS attack through the EDIT MY PROFILE feature...
CVE-2013-3275
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly restrict use of FRAME elements, which makes it easier for remote attackers to obtain sensitive information via a crafted web site, related to "cross frame scripting vulnerabilitie...
Security Bulletin: IBM InfoSphere Information Server is vulnerable to a Cross-Frame Scripting Exploit (CVE-2021-29827)
Summary A cross-frame scripting vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2021-29827 DESCRIPTION: IBM InfoSphere Information Server could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a...
Cross-Frame Scripting (XFS)
plone is vulnerable toCross-Frame Scripting XFS. The vulnerability is due to a lack sanitization for URLs and iframe elements. This allows an attacker to embed malicious scripts within these iframe elements, which are executed when accessed by an administrator...