5125 matches found

Cvelist
added 2025/08/19 4:32 p.m. · 8 views

CVE-2025-52478 Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source

n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an iframe with a srcdoc payload that includes...

CVSS 8.7 · EPSS 0.00347
Exploits 0 · References 3
Vulnrichment
added 2025/08/19 4:32 p.m. · 3 views

CVE-2025-52478 Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source

n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an iframe with a srcdoc payload that includes...

CVSS 8.7 · AI score 5.6 · EPSS 0.00347
Exploits 0 · References 3
CVE
added 2025/08/19 4:32 p.m. · 25 views

CVE-2025-52478

CVE-2025-52478 is a stored XSS in the n8n Form Trigger HTML element affecting versions 1.77.0 up to before 1.98.2. An authenticated attacker can inject malicious HTML via an iframe with a srcdoc payload or through video with a source using onerror, enabling exfiltration of cookies/browser identifiers and enabling...

CVSS 8.7 · AI score 5.6 · EPSS 0.00347
Exploits 0 · References 3 · Affected Software 1
OSV
added 2025/08/19 4:32 p.m. · 5 views

CVE-2025-52478 Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source

n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an iframe with a srcdoc payload that includes...

CVSS 8.7 · AI score 5.6 · EPSS 0.00347
Exploits 0 · References 5
Github Security Blog
added 2025/08/19 3:33 p.m. · 12 views

Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source

Impact: A stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an iframe with a srcdoc payload that includes arbitrary JavaScript execution. The attacker can also inject...

CVSS 8.7 · AI score 5.8 · EPSS 0.00347
Exploits 0 · References 5 · Affected Software 1
OSV
added 2025/08/19 3:33 p.m. · 3 views

GHSA-HFMV-HHH3-43F2 Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source

Impact: A stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an iframe with a srcdoc payload that includes arbitrary JavaScript execution. The attacker can also inject...

CVSS 8.7 · AI score 6.3 · EPSS 0.00347
Exploits 0 · References 5
Patchstack
added 2025/08/19 9:30 a.m. · 10 views

WordPress iFrame Block plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by 63n0 (Patchstack Bug Bounty Program) in WordPress Plugin iFrame Block versions <= 0.1.1...

CVSS 6.5 · AI score 5.9 · EPSS 0.00219
Exploits 0 · Affected Software 1
Positive Technologies
added 2025/08/19 12:0 a.m. · 7 views

PT-2025-33750 · N8N · N8N

Name of the Vulnerable Software and Affected Versions: n8n versions 1.77.0 through 1.98.1
Description: n8n is a workflow automation platform. A stored Cross-Site Scripting (XSS) vulnerability exists in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML vi...

CVSS 8.7 · AI score 5.9 · EPSS 0.00347
Exploits 0 · References 11
CNNVD
added 2025/08/19 12:0 a.m. · 3 views

Mozilla Firefox security vulnerability

Mozilla Firefox for Android is a web browser designed for Android devices by the US-based Mozilla Foundation. An information disclosure vulnerability exists in Mozilla Firefox for Android prior to version 141, which originates from a sandboxed iframe without the allow-downloads attribute that can...

CVSS 9.8 · AI score 5.8 · EPSS 0.00423
Exploits 0 · References 5
CNNVD
added 2025/08/19 12:0 a.m. · 4 views

Mozilla Firefox for iOS security vulnerability

Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A security bypass vulnerability exists in Mozilla Firefox for iOS prior to version 141, which stems from a sandboxed iframe that may bypass restrictions on downloading files to the device. An...

CVSS 9.8 · AI score 6.4 · EPSS 0.00449
Exploits 0 · References 4
Tenable Nessus
added 2025/08/19 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-24208

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4. Loading a malicious iframe may lea...

CVSS 6.1 · AI score 6.6 · EPSS 0.00511
Exploits 0 · References 4
Patchstack
added 2025/08/18 5:12 p.m. · 9 views

WordPress iframe Wrapper plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by muhammad yudha (Patchstack Alliance) in WordPress Plugin iframe Wrapper versions <= 0.1.1...

CVSS 6.5 · AI score 5.8 · EPSS 0.00425
Exploits 0 · Affected Software 1
RedhatCVE
added 2025/08/18 7:16 a.m. · 8 views

CVE-2025-8089

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in versions less than or equal to 2025.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVSS 5.4 · AI score 6.1 · EPSS 0.00222
Exploits 0 · References 1
NVD
added 2025/08/16 7:15 a.m. · 7 views

CVE-2025-8089

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in versions less than or equal to 2025.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVSS 5.4 · EPSS 0.00222
Exploits 0 · References 3
Vulnrichment
added 2025/08/16 6:39 a.m. · 1 view

CVE-2025-8089 Advanced iFrame <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in versions less than or equal to 2025.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVSS 5.4 · AI score 6 · EPSS 0.00222
Exploits 0 · References 3
CVE
added 2025/08/16 6:39 a.m. · 19 views

CVE-2025-8089

CVE-2025-8089 corresponds to a stored XSS in the WordPress Advanced iFrame plugin. The vulnerability exists in the 'additional' parameter for versions up to and including 2025.6, due to insufficient input sanitization and output escaping. Impact: authenticated attackers with contributor-level access or highe...

CVSS 5.4 · AI score 6 · EPSS 0.00222
Exploits 0 · References 3
Cvelist
added 2025/08/16 6:39 a.m. · 6 views

CVE-2025-8089 Advanced iFrame <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in versions less than or equal to 2025.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVSS 5.4 · EPSS 0.00222
Exploits 0 · References 3
Patchstack
added 2025/08/16 2:11 a.m. · 5 views

WordPress Advanced iFrame plugin <= 2025.6 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by zer0gh0st in WordPress Plugin Advanced iFrame versions <= 2025.6...

CVSS 5.4 · AI score 5.5 · EPSS 0.00222
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2025/08/16 12:0 a.m. · 2 views

WordPress plugin Advanced iFrame cross-site scripting vulnerability

WordPress Advanced iFrame plugin is a plugin for WordPress platform which is mainly used for embedding iframe content in websites. The WordPress Advanced iFrame plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of...

CVSS 5.4 · AI score 6 · EPSS 0.00222
Exploits 0 · References 4
Positive Technologies
added 2025/08/16 12:0 a.m. · 5 views

PT-2025-33538 · WordPress · Advanced Iframe

Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions prior to 2025.7
Description: The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the additional parameter due to insufficient input sanitization and output...

CVSS 5.4 · AI score 5.7 · EPSS 0.00222
Exploits 0 · References 8