5125 matches found
PT-2025-39905
Name of the Vulnerable Software and Affected Versions FreshRSS versions 1.26.3 and below Description FreshRSS is a free, self-hostable RSS aggregator susceptible to a flaw where a crafted page can mislead a user into executing arbitrary JavaScript code or elevating privileges within FreshRSS. Thi...
Malicious code in @discord-external/activity-iframe-sdk (npm)
The package @discord-external/activity-iframe-sdk was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security c4df7af2ceae80fdc052edf95094a378287786ae21cfec9a6104a2af2b1d9b98 This package installs a dependency hosted on a cust...
MAL-2025-47574 Malicious code in @discord-external/activity-iframe-sdk (npm)
The package @discord-external/activity-iframe-sdk was found to contain malicious code. --- -= Per source details. Do not edit below this line.=- Source: google-open-source-security c4df7af2ceae80fdc052edf95094a378287786ae21cfec9a6104a2af2b1d9b98 This package installs a dependency hosted on a cust...
Exploit for CVE-2025-51591
CVE-2025-51591 Pandoc SSRF POC A Server-Side Request Forger...
Exploit for Server-Side Request Forgery in Wkhtmltopdf
CVE-2022-35583 Pandoc SSRF POC A Server-Side Request Forgery...
CVE-2025-59430
Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically...
CVE-2025-59553
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Coderz Studio Custom iFrame for Elementor custom-iframe allows DOM-Based XSS.This issue affects Custom iFrame for Elementor: from n/a through = 1.0.13...
Cross-site Scripting (XSS)
Overview @meshconnect/web-link-sdk is an A client-side JS library for integrating with Mesh Connect Affected versions of this package are vulnerable to Cross-site Scripting XSS via the createLink.openLink function. An attacker can execute arbitrary JavaScript code in the context of the parent pag...
GHSA-VH3F-QPPR-J97F Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink
Summary The lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. Details...
Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink
Summary The lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. Details...
CVE-2025-59553
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Coderz Studio Custom iFrame for Elementor custom-iframe allows DOM-Based XSS.This issue affects Custom iFrame for Elementor: from n/a through = 1.0.13...
CVE-2025-59430
Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically...
CVE-2025-59430
Mesh Connect JS SDK contains a cross-site scripting (XSS) vulnerability in the web-link component. Prior to version 3.3.2, createLink.openLink does not sanitize the URL protocol, allowing an attacker-controlled base64-encoded payload to set an iframe src that executes arbitrary JavaScript in the ...
CVE-2025-59430 Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink
Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically...
WordPress Custom iFrame for Elementor Plugin <= 1.0.13 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Michael in WordPress Plugin Custom iFrame for Elementor versions = 1.0.13...
CVE-2025-59553 WordPress Custom iFrame for Elementor Plugin <= 1.0.13 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Coderz Studio Custom iFrame for Elementor custom-iframe allows DOM-Based XSS.This issue affects Custom iFrame for Elementor: from n/a through = 1.0.13...
CVE-2025-59553
CVE-2025-59553 affects the Custom iFrame for Elementor plugin. The issue is described as an improper neutralization of input during web page generation that leads to a cross-site scripting (XSS) vulnerability. The affected range is Custom iFrame for Elementor from initial release to version 1.0.1...
CVE-2025-59553 WordPress Custom iFrame for Elementor Plugin <= 1.0.13 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Coderz Studio Custom iFrame for Elementor custom-iframe allows DOM-Based XSS.This issue affects Custom iFrame for Elementor: from n/a through = 1.0.13...
PT-2025-39037
Name of the Vulnerable Software and Affected Versions Coderz Studio Custom iFrame for Elementor versions through 1.0.13 Description An issue exists in Coderz Studio Custom iFrame for Elementor that allows for DOM-Based Cross-site Scripting XSS. The issue is due to improper neutralization of input...
WordPress plugin Custom iFrame for Elementor 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...