853 matches found
CVE-2022-37244
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection...
CVE-2024-39320
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowediframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...
CVE-2024-27708
Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...
EUVD-2024-24902
Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...
CVE-2024-27708
Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...
CVE-2024-27708
Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...
CVE-2024-27708
Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...
AIRC MyNET 安全漏洞
AIRC MyNET is a specialized online management system from AIRC Portugal. A security vulnerability exists in AIRC MyNET v26.06 and earlier versions, which stems from an iframe injection issue with the src parameter that could lead to the execution of arbitrary code by a remote attacker...
CVE-2024-27708
Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...
CVE-2024-27708
CVE-2024-27708 affects AIRC MyNET v26.06 and earlier. An iframe injection via the src parameter allows remote code execution with network access and user interaction required. The vulnerability impact is rated CRITICAL (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Red Hat and ENISA/EUVD entrie...
PT-2025-52681
Name of the Vulnerable Software and Affected Versions MyNET versions 26.06 and earlier Description An iframe injection issue exists that allows a remote attacker to execute arbitrary code. The issue is related to the src parameter. Recommendations Versions prior to 26.06 should be updated...
CVE-2023-53898 Rukovoditel 3.4.1 Multiple Stored Cross-Site Scripting via Configuration
Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application copyright text to execute arbitrary JavaScript in victim browsers...
Rukovoditel 安全漏洞
Rukovoditel is a web-based open source project management software from the Rukovoditel team. The software features project management, customer relationship management, and more. A security vulnerability exists in Rukovoditel version 3.4.1, which stems from a stored cross-site scripting...
CVE-2025-0421 iFrame Injection in Mikrogrup's Shopside
Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay. This issue affects Shopside: through 05022025...
CVE-2025-0421
CVE-2025-0421 describes an improper restriction of rendered UI layers or frames in Shopside, enabling an iFrame overlay vulnerability in Shopside Software Technologies Inc. The issue affects Shopside versions through 05022025. The available documents identify the affected product and the underlyi...
CVE-2025-0421 iFrame Injection in Mikrogrup's Shopside
Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay. This issue affects Shopside: through 05022025...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Content field in the Blogs widget. An attacker can execute arbitrary scripts or HTML by injecting a crafted element. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attack...
CVE-2025-62265
Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...
CVE-2025-62265
Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...
CVE-2025-62265
Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...