5125 matches found
Improper Restriction of Rendered UI Layers or Frames
Overview Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames via the iframe element. An attacker can execute unauthorized scripts in the context of a user's browser by embedding the application within a malicious frame. Note: This is only...
PT-2025-35714
Name of the Vulnerable Software and Affected Versions: Akinsoft LimonDesk versions s1.02.14 through s1.02.16 Description: An improper restriction of rendered UI layers or frames issue exists in Akinsoft LimonDesk, allowing for iFrame overlay and clickjacking attacks CAPEC - 103. Recommendations:...
LimonDesk 安全漏洞
LimonDesk is a real-time chat, work order ticketing, and other features from LimonDesk Turkey. A security vulnerability exists in LimonDesk s1.02.14 through versions prior to v1.ylabel17, which stems from an improperly restricted rendering UI layer or frame, which could lead to iframe overrides a...
Linux Distros Unpatched Vulnerability : CVE-2018-17472
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the sandbox via a...
Linux Distros Unpatched Vulnerability : CVE-2018-4319
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-origin issue existed with iframe elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12,...
Linux Distros Unpatched Vulnerability : CVE-2021-1801
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update...
Linux Distros Unpatched Vulnerability : CVE-2021-1765
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update...
Linux Distros Unpatched Vulnerability : CVE-2023-28439
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media...
Mozilla Firefox for Android Information Disclosure Vulnerability (CNVD-2025-19560)
Mozilla Firefox for Android is a web browser designed for Android devices by the US-based Mozilla Foundation. An information disclosure vulnerability exists in Mozilla Firefox for Android prior to version 141, which originates from a sandboxed iframe without the allow-downloads attribute that can...
Mozilla Firefox for iOS Security Bypass Vulnerability (CNVD-2025-19562)
Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A security bypass vulnerability exists in Mozilla Firefox for iOS prior to version 141, which stems from a sandboxed iframe that may bypass restrictions on downloading files to the device. An...
Linux Distros Unpatched Vulnerability : CVE-2021-30744
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and...
Linux Distros Unpatched Vulnerability : CVE-2016-10245
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
CVE-2025-50733
NextChat contains a cross-site scripting XSS vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...
CVE-2025-50733
NextChat contains a cross-site scripting XSS vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...
CVE-2025-49422
Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation.This issue affects Support Ticket: from n/a through = 1.9...
CVE-2025-50733
NextChat contains a cross-site scripting XSS vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...
CVE-2025-50733
NextChat has an XSS vulnerability in the HTMLPreview component (artifacts.tsx). User-influenced HTML from AI responses is rendered in an iframe with allow-scripts without proper sanitization, enabling injection of JavaScript. Impact stated includes exfiltration of sensitive data (e.g., API keys i...
CVE-2025-50733
NextChat contains a cross-site scripting XSS vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...
PT-2025-34377 · Nextchat · Nextchat
Name of the Vulnerable Software and Affected Versions: NextChat affected versions not specified Description: NextChat contains a cross-site scripting XSS issue in the HTMLPreview component of artifacts.tsx. This allows attackers to execute arbitrary JavaScript code when HTML content is rendered i...
CVE-2025-8042
Firefox for Android allowed a sandboxed iframe without the allow-downloads attribute to start downloads. This vulnerability was fixed in Firefox 141...