Lucene search
K

852 matches found

Positive Technologies
Positive Technologies
added 2025/07/11 12:0 a.m.4 views

PT-2025-29230

Name of the Vulnerable Software and Affected Versions JGM Pandoc version 3.6.4 Description A Server-Side Request Forgery SSRF issue exists in JGM Pandoc version 3.6.4. This flaw allows attackers to potentially compromise the entire infrastructure by injecting a crafted iframe. Reports indicate...

6.1CVSS5.7AI score0.00609EPSS
Exploits1References75
Vulnrichment
Vulnrichment
added 2025/07/11 12:0 a.m.2 views

CVE-2025-51591

A Server-Side Request Forgery SSRF in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...

6.6AI score0.00609EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/07/11 12:0 a.m.12 views

CVE-2025-51591

A Server-Side Request Forgery SSRF in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...

0.00609EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2025/05/23 9:16 a.m.11 views

CVE-2024-0756

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page...

5.4CVSS6.9AI score0.00202EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:22 p.m.7 views

CVE-2022-38357

Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/moduleframe/index.php...

8.8CVSS7.2AI score0.00886EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:18 p.m.9 views

CVE-2021-32745

Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabo...

7.3CVSS5.9AI score0.00603EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/25 6:26 p.m.14 views

CVE-2025-30158

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attributes. This allows an authenticated attacker ...

7.1CVSS6.7AI score0.00449EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/04/18 12:0 a.m.5 views

PT-2025-17309 · Unknown · Namelessmc

Name of the Vulnerable Software and Affected Versions: NamelessMC versions 2.1.4 and prior Description: The issue allows an authenticated attacker to perform a UI-based denial of service DoS by injecting oversized iframes that block the forum UI and disrupt normal user interactions. This is...

7.1CVSS6.2AI score0.00449EPSS
Exploits1References10
Exploit DB
Exploit DB
added 2025/04/16 12:0 a.m.192 views

phpMyFAQ 3.2.10 - Unintended File Download Triggered by Embedded Frames

Exploit Title: phpMyFAQ v3.2.10 - Unintended File Download Triggered by Embedded Frames Date: 13 Dec 2024 Exploit Author: George Chen Vendor Homepage: https://github.com/thorsten/phpMyFAQ/ Software Link: https://github.com/thorsten/phpMyFAQ/ Version: v3.2.10 Tested on: Mac, Win CVE : CVE-2024–558...

7.2CVSS7.4AI score0.02121EPSS
Exploits3
CNNVD
CNNVD
added 2025/03/05 12:0 a.m.2 views

Vasion Print 安全漏洞

Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. A security vulnerability exists in Vasion Print versions prior to 22.0.843 and Application 20.0.1923, which stems from allowing arbitrary content injection via Iframe...

9.8CVSS7.1AI score0.00617EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 8:23 p.m.13 views

CVE-2022-4032

The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'questionid' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated...

7.2CVSS7AI score0.00724EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:16 p.m.12 views

CVE-2022-4035

The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for...

7.2CVSS7.1AI score0.00687EPSS
Exploits1References1
OSV
OSV
added 2024/10/15 5:15 a.m.4 views

DEBIAN-CVE-2024-21535

Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting XSS via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown...

6.1CVSS6.6AI score0.00503EPSS
Exploits1References1
OSV
OSV
added 2024/10/15 5:15 a.m.9 views

CVE-2024-21535

Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting XSS via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown...

6.1CVSS6.2AI score
Exploits0References2
OSV
OSV
added 2024/08/01 11:17 a.m.11 views

BIT-DISCOURSE-2024-39320 Discourse allows iframe injection though default site setting

Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowediframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...

6.1CVSS6.1AI score0.0036EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/07/30 2:33 p.m.31 views

CVE-2024-39320 Discourse allows iframe injection though default site setting

Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowediframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...

6.1CVSS0.0036EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/07/30 12:0 a.m.5 views

PT-2024-28445 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.5 Discourse versions prior to 3.3.0.beta5 Description: The issue allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed iframes setting. Recommendation...

6.1CVSS7.1AI score0.0036EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/07/30 12:0 a.m.6 views

Discourse 安全漏洞

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse. An attacker exploited the vulnerability to inject iframes from any domain, thereby bypassing...

6.1CVSS6.5AI score0.0036EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/06/05 2:55 a.m.10 views

WordPress Insert or Embed Articulate Content into WordPress plugin <= 4.3000000024 - Iframe Injection vulnerability

Iframe Injection vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Insert or Embed Articulate Content into WordPress versions = 4.3000000024...

5.4CVSS7.3AI score0.00202EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2024/06/04 3:15 p.m.22 views

CVE-2024-0756

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page...

5.4CVSS7.5AI score0.00202EPSS
Exploits2References1
Rows per page
Query Builder