Linux Distros Unpatched Vulnerability : CVE-2024-29203

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE's content insertion code. This allowed iframe...

CVE-2025-49422

Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation.This issue affects Support Ticket: from n/a through = 1.9...

CVE-2025-49411

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vikas Sharma iFrame Block allows Stored XSS. This issue affects iFrame Block: from n/a through 0.1.1...

CVE-2025-49411 WordPress iFrame Block plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vikas Sharma iFrame Block allows Stored XSS. This issue affects iFrame Block: from n/a through 0.1.1...

CVE-2025-49411 WordPress iFrame Block plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vikas Sharma iFrame Block allows Stored XSS. This issue affects iFrame Block: from n/a through 0.1.1...

CVE-2025-49422 WordPress iframe Wrapper plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aelora iframe Wrapper allows DOM-Based XSS. This issue affects iframe Wrapper: from n/a through 0.1.1...

CVE-2025-49422 WordPress Support Ticket Plugin <= 1.9 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation.This issue affects Support Ticket: from n/a through = 1.9...

CVE-2025-49422

CVE-2025-49422 is a Privilege Escalation vulnerability in the WordPress plugin Support Ticket (Themepassion). The issue is described as an Incorrect Privilege Assignment that could allow escalation to higher-privilege actions in the affected plugin versions, specifically

WordPress plugin iframe Wrapper 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Advanced iFrame plugin cross-site scripting vulnerability

WordPress Advanced iFrame plugin is a plugin for WordPress platform which is mainly used for embedding iframe content in websites. The WordPress Advanced iFrame plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

PT-2025-33950 · Unknown · Aelora Iframe Wrapper

Name of the Vulnerable Software and Affected Versions: Aelora iframe Wrapper versions n/a through 0.1.1 Description: Aelora iframe Wrapper is susceptible to a DOM-Based Cross-Site Scripting issue due to improper neutralization of input during web page generation. Recommendations: Update Aelora...

PT-2025-33946 · Vikas Sharma · Iframe Block

Name of the Vulnerable Software and Affected Versions: iFrame Block versions n/a through 0.1.1 Description: This issue involves improper neutralization of input during web page generation, leading to a Stored Cross-site Scripting XSS condition in Vikas Sharma iFrame Block. Successful exploitation...

WordPress plugin和WordPress 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-8042

Firefox for Android allowed a sandboxed iframe without the allow-downloads attribute to start downloads. This vulnerability affects Firefox 141...

CVE-2025-8042

Firefox for Android allowed a sandboxed iframe without the allow-downloads attribute to start downloads. This vulnerability was fixed in Firefox 141...

CVE-2025-8042 Sandboxed iframe could start downloads

Firefox for Android allowed a sandboxed iframe without the allow-downloads attribute to start downloads. This vulnerability was fixed in Firefox 141...

CVE-2025-8042

Firefox for Android allowed a sandboxed iframe without the allow-downloads attribute to start downloads. This vulnerability was fixed in Firefox 141...

CVE-2025-8042

CVE-2025-8042 affects Mozilla Firefox for Android up to version 141. A sandboxed iframe without the allow-downloads attribute could initiate downloads, enabling information disclosure and potentially arbitrary code execution. CVSSv3.1 is high/critical with network vector, no user interaction. Rem...

CVE-2025-8042 Sandboxed iframe could start downloads

Firefox for Android allowed a sandboxed iframe without the allow-downloads attribute to start downloads. This vulnerability was fixed in Firefox 141...

CVE-2025-52478

n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting XSS vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an with a srcdoc payload that includes...