Lucene search
+L

5 matches found

ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.7 views

PT-2026-56249

Name of the Vulnerable Software and Affected Versions Dashy versions prior to 4.3.7 Description The workspace view fails to validate the scheme of the URL query parameter before assigning it to an iframe source. This allows an attacker to execute JavaScript on the Dashy origin by tricking a...

3.9CVSS6.3AI score0.00255EPSS
Exploits0References7
cve
cve
added 2026/06/05 6:44 p.m.28 views

CVE-2026-46396

CVE-2026-46396 stems from a stored XSS in HAX CMS prior to 26.0.0, caused by improper sanitization of elements that permit javascript: in the src attribute. When a victim views a page containing such an iframe, arbitrary JavaScript can execute in the browser context, enabling access to sensitive...

9.3CVSS5.5AI score0.0023EPSS
Exploits0References1
snyk
snyk
added 2026/05/19 2:46 p.m.20 views

Cross-site Scripting (XSS)

Overview @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization of elements that allow javascript: URIs in the src attribute. An attacker can execute arbitrary JavaScript in the victim's browser...

9.3CVSS5.8AI score0.0023EPSS
Exploits0References2
osv
osv
added 2025/06/09 12:36 p.m.6 views

CVE-2025-48877 Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe

Discourse is an open-source discussion platform. Prior to version 3.4.4 of the stable branch, version 3.5.0.beta5 of the beta branch, and version 3.5.0.beta6-dev of the tests-passed branch, Codepen is present in the default allowediframes site setting, and it can potentially auto-run arbitrary JS...

9.3CVSS6.6AI score0.00348EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 6:16 a.m.4 views

SUSE CVE-2006-0884

The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...

9.3CVSS6.6AI score0.07066EPSS
Exploits1References5
Rows per page
Query Builder