CVE-2025-52196

Server-Side Request Forgery SSRF vulnerability in Ctera Portal 8.1.x 8.1.1417.24 allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe...

CVE-2025-52196

Server-Side Request Forgery SSRF vulnerability in Ctera Portal 8.1.x 8.1.1417.24 allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe...

EUVD-2021-32009

Malicious code in bioql PyPI...

CVE-2021-45227

An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting XSS attack...

Cross site scripting

An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting XSS attack...

CVE-2021-45227

An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting XSS attack...

CVE-2021-45227

COINS Construction Cloud 11.12 contains a persistent Cross-Site Scripting (XSS) flaw in the file upload flow due to inappropriate handling of HTML IFRAME elements. Root cause: improper IFRAME usage during uploads enables script persistence. Impact is documented as client-side compromise; CVSS sco...

COINS Construction Cloud 跨站脚本漏洞

COINS Construction Cloud is an end-to-end suite of cloud and mobile software solutions from COINS, Inc. designed to help construction executives drive increased profitability across their business. A cross-site scripting vulnerability exists in COINS Construction Cloud 11.12 that stems from...

Denial Of Service (DoS)

Mozilla Thunderbird is vulnerable to denial of service DoS. A flaw was found in the way Thunderbird handled the HTML iframe tag. An HTML mail message with an iframe tag containing a specially-crafted source address could trigger this flaw, possibly leading to arbitrary code execution with the...

Hardcoded credentials

A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...

CVE-2019-1975 Cisco HyperFlex Software Cross-Frame Scripting Vulnerability

A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...

CVE-2019-1975 Cisco HyperFlex Software Cross-Frame Scripting Vulnerability

A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...

Cisco HyperFlex Software Cross-Frame Scripting Vulnerability

A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting XFS attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerabilit...

Cross site scripting

A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419...

CVE-2019-4237

CVE-2019-4237 affects IBM InfoSphere Information Server (and Information Governance Catalog; on Cloud) versions 11.3, 11.5, and 11.7. It is a Cross-Frame Scripting vulnerability that can allow loading the vulnerable application inside an HTML iframe on a malicious page. Root cause details are not...

CVE-2019-4237

A Cross-Frame Scripting vulnerability in IBM InfoSphere Information Server 11.3, 11.5, and 11.7 can allow an attacker to load the vulnerable application inside an HTML iframe tag on a malicious page. IBM X-Force ID: 159419...

Security Bulletin: IBM InfoSphere DataStage is vulnerable to Cross-Frame Scripting issue (CVE-2016-9000)

Summary IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. Vulnerability Details CVEID: CVE-2016-9000 DESCRIPTION: IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote...

Security Bulletin: IBM InfoSphere Information Server is vulnerable to Cross-Frame Scripting issue (CVE-2016-5984)

Summary IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. Vulnerability Details CVEID: CVE-2016-5984 DESCRIPTION: IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe...

CVE-2016-9000

IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to navigate to a web page the attacker controls. An attacker could use this vulnerability to conduct...

CVE-2016-9000

IBM InfoSphere DataStage is affected by CVE-2016-9000, a Cross‑Frame Scripting issue caused by insufficient HTML iframe protection. A remote attacker could entice a user to visit a crafted URL to load a page under the attacker’s control, enabling clickjacking or other client‑side browser attacks....