19 matches found
UBUNTU-CVE-2026-26223
SPIP before 4.4.8 allows cross-site scripting (XSS) in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in...
SPIP security vulnerability
SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.8 contained security vulnerabilities. These vulnerabilities stemmed from improper sandboxing or escaping of iframe content in private areas, which could lead to cross-site scripting...
CVE-2025-14616
The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recooty_save_maybe function. This makes it possible for unauthenticated attackers to update the...
CVE-2025-14616
The CVE-2025-14616 entry describes a Cross-Site Request Forgery in the WordPress plugin Recooty (Old Dashboard) up to version 1.0.6, caused by missing nonce validation in recooty_save_maybe(). This allows unauthenticated attackers to update the recooty_key option and inject malicious content into...
CVE-2025-14616 Recooty <= 1.0.6 - Cross-Site Request Forgery to Settings Update
The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recooty_save_maybe function. This makes it possible for unauthenticated attackers to update the...
WordPress plugin Iframe cross-site scripting vulnerability
The WordPress iframe plugin is a tool for embedding iFrame content in WordPress websites, allowing users to embed external web pages, videos, forms, etc. into their pages. WordPress iframe plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective...
PT-2025-44448
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.111; Liferay DXP versions 2023.Q3.1 through 2023.Q4.10; Liferay Portal versions 7.3 GA through update 36; Liferay DXP versions 7.4 GA through update 92. Description: A cross-site scripting (XSS) issue exist...
EUVD-2008-4215
Malware in sbrugna...
CVE-2025-27668
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Arbitrary Content Inclusion via Iframe OVE-20230524-0012...
UBUNTU-CVE-2024-29203
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by...
SUSE CVE-2022-45420
Using tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
CVE-2022-28286
Due to a layout change, iframe contents could have been rendered outside of its border. This could have led to user confusion or spoofing attacks. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...
Mozilla: Iframe contents could be rendered outside the iframe
The Mozilla Foundation Security Advisory describes this flaw as: Using tables inside of an iframe, an attacker could have caused iframe contents to be rendered outside the boundaries of the iframe, resulting in potential user confusion or spoofing attacks...
Mozilla Firefox has an unspecified vulnerability (CNVD-2023-15817)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox has a security vulnerability that could be exploited by an attacker to cause iframe content to be rendered outside the boundaries of the iframe, leading to potential user confusion or spoofing...
Mozilla Firefox security vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which arises from iframe content that can be rendered outside of boundaries...
Arbitrary Code Execution
Firefox, Firefox ESR and Thunderbird are vulnerable to arbitrary code execution attacks. A remote unauthenticated attacker could exploit the vulnerable URI Handler component by spoofing the origin of a modal alert via iframe content and the 'data:' protocol leading to potential code execution...
Shopify: Open redirect allows changing iframe content in *.myshopify.com/admin/themes/<id>/editor
Hi, I managed to bypass the fix you deployed to the issue I reported in 159522. Apparently this is what the fix does: - Redirecting to https://checkout.shopify.com/ / only is allowed. - For example: victim.myshopify.com/account/logout?returnurl=https://checkout.shopify.com// will work - but...
Adobe Flash Player issue where iframe contents may be overwritten
Overview: Adobe Flash Player contains an issue where the same-origin policy may be bypassed leading to iframe contents being overwritten. Tokuji Akamine reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact...