Naver Whale Browser 安全漏洞

Naver Whale Browser is a web browser from Naver, a Korean company that supports user-defined interfaces. A security vulnerability exists in Naver Whale Browser versions prior to 4.35.351.12, which originates from an iframe sandbox escape in the sidebar environment...

EUVD-2025-32481

Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log...

CVE-2025-57769

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If embedding an authenticated iframe is possibl...

Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set

The Mozilla Foundation Security Advisory describes this flaw as: When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...

chromium-browser: Cross-origin-bypass in HTML parser

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element...