5124 matches found
CVE-2025-12245
Chatwoot before 4.7.0 is affected by a vulnerability in the Widget component, specifically the initPostMessageCommunication function in app/javascript/sdk/IFrameHelper.js, where manipulating the baseUrl argument triggers an origin validation error. The issue allows remote exploitation and has bee...
CVE-2025-12245 chatwoot Widget IFrameHelper.js initPostMessageCommunication origin validation
A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin validation error. Remote exploitation of th...
EUVD-2025-36123
A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin validation error. Remote exploitation of th...
PT-2025-43903
Name of the Vulnerable Software and Affected Versions: chatwoot versions up to 4.7.0. Description: A security flaw exists in chatwoot affecting the Admin Interface component, specifically within the app/javascript/shared/components/IframeLoader.vue file. Manipulation of the Link argument can lead to...
Linux Distros Unpatched Vulnerability : CVE-2025-11716
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Links in a sandboxed iframe could open an external app on Android without the required allow- permission. This vulnerability was fixed in Firefox 144 and...
CVE-2025-11813 Responsive iframe GoogleMap <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Responsive iframe GoogleMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsivemap' shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on the 'width' and 'height' attributes. This makes it...
EUVD-2025-35340
The Responsive iframe GoogleMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsivemap' shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on the 'width' and 'height' attributes. This makes it...
WordPress plugin Responsive iframe GoogleMap cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
WordPress Responsive iframe GoogleMap plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by zakaria in WordPress Plugin Responsive iframe GoogleMap versions <= 1.0.2...
CVE-2025-62583
Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment...
CVE-2025-62583
Whale Browser is affected up to version 4.33.325.16 (pre-4.33.325.17). The issue is described as an iframe sandbox escape in a dual-tab environment, potentially enabling escape from sandboxed context. Connected advisories (Red Hat CVE page, ENISA EUVD, CVE lists) confirm the affected product/vers...
CVE-2025-11716
Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144...
EUVD-2025-34199
Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox 144 and Thunderbird 144...
CVE-2025-11716
Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability affects Firefox 144 and Thunderbird 144...