Lucene search
+L

853 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.12 views

CVE-2022-37244

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection...

5.4CVSS6.9AI score0.00464EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:4 a.m.5 views

CVE-2024-39320

Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowediframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...

6.1CVSS6.8AI score0.00345EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/23 1:18 p.m.7 views

CVE-2024-27708

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...

9.6CVSS8.2AI score0.00514EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/22 9:30 p.m.5 views

EUVD-2024-24902

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...

9.6CVSS7.7AI score0.00514EPSS
Exploits1References3
NVD
NVD
added 2025/12/22 8:15 p.m.7 views

CVE-2024-27708

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...

9.6CVSS0.00514EPSS
Exploits1References2
OSV
OSV
added 2025/12/22 8:15 p.m.3 views

CVE-2024-27708

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...

9.6CVSS6.1AI score0.00514EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/22 12:0 a.m.29 views

CVE-2024-27708

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...

0.00514EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/22 12:0 a.m.4 views

AIRC MyNET 安全漏洞

AIRC MyNET is a specialized online management system from AIRC Portugal. A security vulnerability exists in AIRC MyNET v26.06 and earlier versions, which stems from an iframe injection issue with the src parameter that could lead to the execution of arbitrary code by a remote attacker...

9.6CVSS7.6AI score0.00514EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/22 12:0 a.m.2 views

CVE-2024-27708

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...

7.9AI score0.00514EPSS
Exploits1References2
CVE
CVE
added 2025/12/22 12:0 a.m.16 views

CVE-2024-27708

CVE-2024-27708 affects AIRC MyNET v26.06 and earlier. An iframe injection via the src parameter allows remote code execution with network access and user interaction required. The vulnerability impact is rated CRITICAL (CVSS 3.1: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H). Red Hat and ENISA/EUVD entrie...

9.6CVSS7.9AI score0.00514EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/22 12:0 a.m.8 views

PT-2025-52681

Name of the Vulnerable Software and Affected Versions MyNET versions 26.06 and earlier Description An iframe injection issue exists that allows a remote attacker to execute arbitrary code. The issue is related to the src parameter. Recommendations Versions prior to 26.06 should be updated...

9.6CVSS7.6AI score0.00514EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/12/16 5:3 p.m.2 views

CVE-2023-53898 Rukovoditel 3.4.1 Multiple Stored Cross-Site Scripting via Configuration

Rukovoditel 3.4.1 contains a stored cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts. Attackers can insert iframe and script payloads in application copyright text to execute arbitrary JavaScript in victim browsers...

5.4CVSS6AI score0.00208EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.4 views

Rukovoditel 安全漏洞

Rukovoditel is a web-based open source project management software from the Rukovoditel team. The software features project management, customer relationship management, and more. A security vulnerability exists in Rukovoditel version 3.4.1, which stems from a stored cross-site scripting...

5.4CVSS5.8AI score0.00208EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/11/19 1:28 p.m.15 views

CVE-2025-0421 iFrame Injection in Mikrogrup's Shopside

Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay. This issue affects Shopside: through 05022025...

4.7CVSS0.00205EPSS
Exploits0References2
CVE
CVE
added 2025/11/19 1:28 p.m.16 views

CVE-2025-0421

CVE-2025-0421 describes an improper restriction of rendered UI layers or frames in Shopside, enabling an iFrame overlay vulnerability in Shopside Software Technologies Inc. The issue affects Shopside versions through 05022025. The available documents identify the affected product and the underlyi...

4.7CVSS5.4AI score0.00205EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/19 1:28 p.m.10 views

CVE-2025-0421 iFrame Injection in Mikrogrup's Shopside

Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay. This issue affects Shopside: through 05022025...

4.7CVSS5.4AI score0.00205EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/30 9:30 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Content field in the Blogs widget. An attacker can execute arbitrary scripts or HTML by injecting a crafted element. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attack...

5.4CVSS5.5AI score0.00201EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 7:16 p.m.14 views

CVE-2025-62265

Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...

5.4CVSS0.00201EPSS
Exploits0References1
OSV
OSV
added 2025/10/30 7:16 p.m.8 views

CVE-2025-62265

Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...

5.4CVSS5.7AI score0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/30 6:30 p.m.6 views

CVE-2025-62265

Cross-site scripting XSS vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allow...

4.8CVSS5.7AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder