5125 matches found
CVE-2025-51591
A Server-Side Request Forgery SSRF in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...
PT-2025-29230
Name of the Vulnerable Software and Affected Versions JGM Pandoc version 3.6.4 Description A Server-Side Request Forgery SSRF issue exists in JGM Pandoc version 3.6.4. This flaw allows attackers to potentially compromise the entire infrastructure by injecting a crafted iframe. Reports indicate...
CVE-2025-51591
A Server-Side Request Forgery SSRF in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...
CVE-2025-51591
A Server-Side Request Forgery SSRF in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable SSRF vulnerabilitie...
DRUPAL-CONTRIB-2025-087
This module provides a format filter, which allows you to "disable" iframes e.g. remove their src attribute specified by the user. These elements will be enabled again, once the Cookies banner is accepted. The module doesn't sufficiently filter user-supplied content when their value might contain...
Cookies Addons - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-087
This module provides a format filter, which allows you to "disable" iframes e.g. remove their src attribute specified by the user. These elements will be enabled again, once the Cookies banner is accepted. The module doesn't sufficiently filter user-supplied content when their value might contain...
webkitgtk: IFrame sandboxing policy violation
A flaw was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. Maliciously crafted web content may violate the iframe sandboxing policy. The highest threat from this vulnerability is to data integrity...
webkitgtk: Loading a malicious iframe may lead to a cross-site scripting attack
A flaw was found in WebKitGTK. Loading a malicious iframe can cause a cross-site scripting attack due to permissions issues...
webkitgtk: IFrame sandboxing policy violation
A flaw was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. Maliciously crafted web content may violate the iframe sandboxing policy. The highest threat from this vulnerability is to data integrity...
webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site...
CVE-2025-30969
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in gopiplus iFrame Images Gallery wp-iframe-images-gallery allows SQL Injection.This issue affects iFrame Images Gallery: from n/a through = 9.0...
Exploit for Use After Free in Google Chrome
CVE-2019-5786 Chrome 72.0.3626.119 stable FileReader UaF exploit for Windows 7 x86. This exploit uses site-isolation to brute-force the vulnerability. iframe.html is the wrapper script that loads the exploit, contained in the other files, repeatedly into an iframe. host iframe.html on one site an...
CVE-2025-30969
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in gopiplus iFrame Images Gallery wp-iframe-images-gallery allows SQL Injection.This issue affects iFrame Images Gallery: from n/a through = 9.0...
CVE-2025-30969
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in gopiplus iFrame Images Gallery wp-iframe-images-gallery allows SQL Injection.This issue affects iFrame Images Gallery: from n/a through = 9.0...
CVE-2025-30969 WordPress iFrame Images Gallery plugin <= 9.0 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in gopiplus iFrame Images Gallery wp-iframe-images-gallery allows SQL Injection.This issue affects iFrame Images Gallery: from n/a through = 9.0...
CVE-2025-30969 WordPress iFrame Images Gallery plugin <= 9.0 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in gopiplus iFrame Images Gallery wp-iframe-images-gallery allows SQL Injection.This issue affects iFrame Images Gallery: from n/a through = 9.0...
CVE-2025-30969
CVE-2025-30969 affects the WordPress plugin iFrame Images Gallery (versions
WordPress plugin iFrame Images Gallery SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
CKEditor5 Youtube - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-081
The CKEditor5 Youtube module enhances content creation in Drupal by seamlessly integrating YouTube video embedding into the CKEditor 5 text editor. The module doesn't sufficiently validate iframe sources under the scenario where a user embeds a video using the CKEditor YouTube integration leading...
Directory Traversal
openc3-cosmos-tool-iframe is vulnerable to Directory Traversal. The vulnerability is due to improper input validation and insufficient sanitization of path parameters in the /script-api/scripts/ endpoint, allowing attackers to access unauthorized directories...