CVE-2025-11716
Links in a sandboxed iframe could open an external app on Android without the required "allow-" permission. This vulnerability was fixed in Firefox 144 and Thunderbird 144...
EUVD-2021-2502
Malware in sbrugna...
EUVD-2019-6930
Malware in sbrugna...
EUVD-2017-11806
Malware in sbrugna...
EUVD-2017-14495
Malware in sbrugna...
EUVD-2019-18144
Malware in sbrugna...
EUVD-2025-17469
Malicious code in bioql PyPI...
EUVD-2024-25317
Malicious code in bioql PyPI...
EUVD-2023-12591
Malicious code in bioql PyPI...
EUVD-2024-0742
Malicious code in bioql PyPI...
CVE-2025-54139
CVE-2025-54139 affects HAX CMS NodeJS and PHP backends. Versions haxcms-nodejs ≤ 11.0.12 and haxcms-php ≤ 11.0.7 expose pages without anti-iframe headers, enabling unauthenticated attackers to load sensitive pages (including login) in an iframe and perform a UI redress (clickjacking). Impact is U...
Cookies Addons - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-087
This module provides a format filter, which allows you to "disable" iframes e.g. remove their src attribute specified by the user. These elements will be enabled again, once the Cookies banner is accepted. The module doesn't sufficiently filter user-supplied content when their value might contain...
PT-2025-24434
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.4.4; Discourse version 3.5.0.beta5 and earlier of the beta branch; Discourse version 3.5.0.beta6-dev and earlier of the tests-passed branch. Description: Discourse is an open-source discussion platform. In versions...
CVE-2024-28196
YourSpotify is an open-source, self-hosted Spotify tracking dashboard. YourSpotify version 1.9.0 does not prevent other pages from displaying it in an iframe and is thus vulnerable to clickjacking. Clickjacking can be used to trick an existing user of YourSpotify into triggering actions, such as...
CVE-2021-43817
Collabora Online is a collaborative online office suite based on LibreOffice technology. In affected versions a reflected XSS vulnerability was found in Collabora Online. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts insid...
CVE-2017-14744
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element...
CVE-2025-32385
EspoCRM before version 9.0.5 is affected by a vulnerability in the Iframe dashlet where the iframe lacks a sandbox attribute, allowing the remote page to open popups outside the iframe and potentially trick users via phishing. The iframe URL is user-supplied, and the remote page can also send mes...
firefox: thunderbird: Confusing display of origin for external protocol handler prompt
The Mozilla Foundation's Security Advisory: The origin of an external protocol handler prompt could be obscured using a data: URL within an iframe...
Medium: firefox
Issue Overview: An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. CVE-2024-0741 It was possible for certain browser prompts and dialogs to b...
Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set
The Mozilla Foundation Security Advisory describes this flaw as: When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy...