852 matches found
PT-2025-29230
Name of the Vulnerable Software and Affected Versions JGM Pandoc version 3.6.4 Description A Server-Side Request Forgery SSRF issue exists in JGM Pandoc version 3.6.4. This flaw allows attackers to potentially compromise the entire infrastructure by injecting a crafted iframe. Reports indicate...
CVE-2025-51591
A Server-Side Request Forgery SSRF in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...
CVE-2025-51591
A Server-Side Request Forgery SSRF in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...
CVE-2024-0756
The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page...
CVE-2022-38357
Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/moduleframe/index.php...
CVE-2021-32745
Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabo...
CVE-2025-30158
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attributes. This allows an authenticated attacker ...
PT-2025-17309 · Unknown · Namelessmc
Name of the Vulnerable Software and Affected Versions: NamelessMC versions 2.1.4 and prior Description: The issue allows an authenticated attacker to perform a UI-based denial of service DoS by injecting oversized iframes that block the forum UI and disrupt normal user interactions. This is...
phpMyFAQ 3.2.10 - Unintended File Download Triggered by Embedded Frames
Exploit Title: phpMyFAQ v3.2.10 - Unintended File Download Triggered by Embedded Frames Date: 13 Dec 2024 Exploit Author: George Chen Vendor Homepage: https://github.com/thorsten/phpMyFAQ/ Software Link: https://github.com/thorsten/phpMyFAQ/ Version: v3.2.10 Tested on: Mac, Win CVE : CVE-2024–558...
Vasion Print 安全漏洞
Vasion Print is a SaaS-based, cloud-hosted application from Vasion for managing and deploying printers. A security vulnerability exists in Vasion Print versions prior to 22.0.843 and Application 20.0.1923, which stems from allowing arbitrary content injection via Iframe...
CVE-2022-4032
The Quiz and Survey Master plugin for WordPress is vulnerable to iFrame Injection via the 'questionid' parameter in versions up to, and including, 8.0.4 due to insufficient input sanitization and output escaping that allowed iframe tags to be injected. This makes it possible for unauthenticated...
CVE-2022-4035
The Appointment Hour Booking plugin for WordPress is vulnerable to iFrame Injection via the ‘email’ or general field parameters in versions up to, and including, 1.3.72 due to insufficient input sanitization and output escaping that makes injecting iFrame tags possible. This makes it possible for...
DEBIAN-CVE-2024-21535
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting XSS via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown...
CVE-2024-21535
Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting XSS via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown...
BIT-DISCOURSE-2024-39320 Discourse allows iframe injection though default site setting
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowediframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...
CVE-2024-39320 Discourse allows iframe injection though default site setting
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowediframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...
PT-2024-28445 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.5 Discourse versions prior to 3.3.0.beta5 Description: The issue allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed iframes setting. Recommendation...
Discourse 安全漏洞
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse. An attacker exploited the vulnerability to inject iframes from any domain, thereby bypassing...
WordPress Insert or Embed Articulate Content into WordPress plugin <= 4.3000000024 - Iframe Injection vulnerability
Iframe Injection vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Insert or Embed Articulate Content into WordPress versions = 4.3000000024...
CVE-2024-0756
The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page...