CVE-2023-53915

Zenphoto 1.6 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field that execute when users vi...

CVE-2025-14021

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content...

EUVD-2021-11213

Malware in sbrugna...

CVE-2025-56515

File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...

Malicious Package

Overview iframe-execution-environment is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if...

MAL-2022-3788 Malicious code in iframe-execution-environment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 878f55d0b4e72532f2d5aea14715b24e3806715e018b96a235230768b24a79d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in iframe-execution-environment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 878f55d0b4e72532f2d5aea14715b24e3806715e018b96a235230768b24a79d0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Squaredup 跨站脚本漏洞

Squaredup is a web service from Squaredup UK that provides data monitoring capabilities for cloud environments. A cross-site scripting vulnerability exists in SquaredUp versions prior to 4.6.0, which can be exploited by a user to create a dashboard, execute malicious content in an iframe, or uplo...

XSSFuzzer - A Tool Which Generates XSS Payloads Based On User-Defined Vectors And Fuzzing Lists

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads based on user-defined vectors using multiple placeholders which are replaced with fuzzing lists. It offers the possibility to just generate the payloads as plain-text or to execute them inside an...

Microsoft Internet Explorer 56 - file: Request Zone Bypass

Microsoft Internet Explorer 56 - file: Request Zone Bypass source: https://www.securityfocus.com/bid/7539/info Internet Explorer is reported to be vulnerable to a zone bypass issue. Allegedly, if Internet Explorer attempts to open a web page containing numerous 'file://' requests each contained i...