EUVD-2023-1649

Malicious code in bioql PyPI...

EUVD-2025-17563

Malicious code in bioql PyPI...

CVE-2025-49139 @haxtheweb/haxcms-nodejs Iframe Phishing vulnerability

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, in the HAX site editor, users can create a website block to load another site in an iframe. The application allows users to supply a target URL in the website block. When the HAX site is...

CVE-2024-0756

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page...

GHSA-X82Q-MR23-27JC Cross-site scripting in Liferay Portal

Cross-site scripting XSS vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL...

PT-2023-24582

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.30 Liferay DXP 7.4 before update 31 Description A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL in IFrame type Remote...

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

CVE-2022-27197

Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet's Iframe source URL, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to configure views...

chromium-browser: script injection in extensions

The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote attackers to conduct extension-bindings injection attacks by leveraging script access to a...

WordPress Encrypted Contact Form plugin cross-site request forgery vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Encrypted Contact Form plugin is a WordPress plugin that uses end-to-end encryption to send user information. A...