5125 matches found
CVE-2025-54527
In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions...
CVE-2025-54527
In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions...
CVE-2025-54527
CVE-2025-54527 affects JetBrains YouTrack. The issue is an improper iframe configuration in the widget sandbox that allows popups to bypass security restrictions. Affects YouTrack versions prior to 2025.2.86935 and includes 2025.2.86935, 2025.2.87167, 2025.3.87341, and 2025.3.87344. The Red Hat/R...
CVE-2025-54527
In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions...
PT-2025-31117 · Jetbrains · Jetbrains Youtrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2025.2.86935 JetBrains YouTrack version 2025.2.86935 JetBrains YouTrack versions 2025.2.86935 through 2025.2.87167 JetBrains YouTrack version 2025.3.87341 JetBrains YouTrack versions 2025.3.87341 through...
JetBrains YouTrack 安全漏洞
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A security vulnerability exists in JetBrains YouTrack that stems from an iframe...
CVE-2025-6987
The CVE-2025-6987 entry concerns the WordPress plugin Advanced iFrame. A stored XSS exists in the advanced_iframe shortcode across versions up to 2025.5 due to insufficient input sanitization and output escaping of user-supplied attributes. Exploitation requires at least contributor-level (authen...
CVE-2025-6987 Advanced iFrame <= 2025.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advancediframe' shortcode in all versions up to, and including, 2025.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
PT-2025-30963 · WordPress · Advanced Iframe
Name of the Vulnerable Software and Affected Versions: Advanced iFrame plugin for WordPress versions prior to 2025.5 Description: The Advanced iFrame plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin's advanced iframe shortcode. Insufficient input sanitization...
WordPress plugin Advanced iFrame 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
NodeJS 安全漏洞
NodeJS is a JavaScript runtime environment based on the ChromeV8 engine from the OpenJS Foundation. By encapsulating the Chromev8 engine and using event-driven and non-blocking IO applications make it possible to develop high-performance backend applications in Javascript. A security vulnerabilit...
CVE-2025-54139 HAX CMS' application pages are vulnerable to clickjacking
HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an...
CVE-2025-54139
CVE-2025-54139 affects HAX CMS NodeJS and PHP backends. Versions haxcms-nodejs ≤ 11.0.12 and haxcms-php ≤ 11.0.7 expose pages without anti-iframe headers, enabling unauthenticated attackers to load sensitive pages (including login) in an iframe and perform a UI redress (clickjacking). Impact is U...
CVE-2025-54139 HAX CMS' application pages are vulnerable to clickjacking
HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an...
Security Vulnerabilities fixed in Firefox 141 — Mozilla
On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. On arm64, a WASM brtable instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrec...
GHSA-54VW-F4XF-F92J HAX CMS application pages vulnerable to clickjacking
Summary All pages within the HAX CMS application do not contain headers to stop other websites from loading the site within an iframe. This applies to both the CMS and generated sites. PoC To replicate this vulnerability, load the target page in an iframe and observe the rendered content. Impact ...
HAX CMS application pages vulnerable to clickjacking
Summary All pages within the HAX CMS application do not contain headers to stop other websites from loading the site within an iframe. This applies to both the CMS and generated sites. PoC To replicate this vulnerability, load the target page in an iframe and observe the rendered content. Impact ...
PT-2025-30361 · Hax Cms · Hax Cms
Name of the Vulnerable Software and Affected Versions: HAX CMS versions 11.0.7 and below PHP HAX CMS versions 11.0.12 and below NodeJS Description: HAX CMS does not include headers to prevent websites from loading the application within an iframe. This affects both the CMS and generated sites. An...
OESA-2025-1835 thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: A permission leak could have occurred from a trusted site to an untrusted site via embed or object elements. This vulnerability affects Firefox 132, Firefox ESR 128.4, Firefox ESR 115.17, Thunderbird 128.4, and...
📄 Beakon Cross Site Scripting / Open Redirection
Beakon versions prior to 5.4.3 suffer from cross site scripting and open redirection vulnerabilities. I am submitting a news article for publishing my recent Zero day vulnerability. I have already contacted MITRE and have CVE-2025-46102 reserved now. Please find below details: Title: Unsensitized...