5 matches found
CVE-2026-3327
Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...
CVE-2026-3327 Authenticated DatoCMS Web Previews Plugin Iframe Injection
Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...
CVE-2026-3327 Authenticated DatoCMS Web Previews Plugin Iframe Injection
Authenticated Iframe Injection in Dato CMS Web Previews plugin. This vulnerability permits a malicious authenticated user to circumvent the restriction enforced on the configured frontend URL, enabling the loading of arbitrary external resources or origins. This issue affects Web Previews v1.0.31...
DatoCMS 安全漏洞
DatoCMS is an open-source content management system developed by DatoCMS. Versions of DatoCMS prior to v1.0.31 contained security vulnerabilities. These vulnerabilities were caused by iframe injection during authentication processes, which could lead to the loading of arbitrary external resources...
Malicious code in cms-datocms (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fac9800b3ed890acb1273186fb6afc84b6334fe3867bb6aa084305adc3310976 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...