CVE-2026-26223

SPIP before 4.4.8 allows cross-site scripting XSS in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in...

CVE-2026-26223

SPIP before 4.4.8 allows cross-site scripting XSS in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in...

CVE-2026-26223

SPIP before 4.4.8 allows cross-site scripting XSS in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in...

CVE-2026-26223 SPIP < 4.4.8 Cross-Site Scripting via Iframe Tags in Private Area

SPIP before 4.4.8 allows cross-site scripting XSS in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in...

CVE-2025-71245

SPIP

CVE-2025-71245

...

PT-2025-51953

Name of the Vulnerable Software and Affected Versions Zenphoto version 1.6 Description An authenticated attacker can inject malicious scripts by inserting HTML content into album descriptions. Attackers can create albums with malicious iframe or script tags in the description field, which execute...

EUVD-2006-0188

Malware in sbrugna...

MPack with virtual hosting and PHP security-vulnerability warning-the black bar safety net

MPack is by a self-proclaimed "Dream Coders Team" of the organization development of the PHP program, which contain a number of the latest exploit code can be used to manipulate the distal end of attacks on Panda Labs at the end of last year when for the first time found that, at the time someone...

CVE-2006-0180

CaLogic Calendars 1.2.2 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary script/HTML via the Title field on the "Adding New Event" page, and possibly other vectors involving iframe tags. The affected component is the calendar input handling in C...

Cross site scripting

Cross-site scripting XSS vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the "Adding New Event" page, and possibly other vectors, involving iframe tags...

CVE-2006-0180

Cross-site scripting XSS vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the "Adding New Event" page, and possibly other vectors, involving iframe tags...

Opera Web Browser 7.0 - Remote IFRAME Denial of Service

Opera Web Browser 7.0 - Remote IFRAME Denial of Service source: https://www.securityfocus.com/bid/10081/info A denial of service vulnerability has been reported to affect Opera Web Browser. The issue is reported to present itself when Opera attempts to render IFRAME HTML tags that contain an...

ProductCart XSS Vulnerability

ProductCart XSS Vulnerability found by atomix i came across the fact that in an area of ProductCart you are able to manipulate the error message, therefore allowing tags such as script and iframe to be used: http://www.website.com/ProductCart/pc/msg.asp?message=scriptalert document.cookie;/script...