6 matches found
EUVD-2025-11864
Malicious code in bioql PyPI...
CVE-2025-49191 Dashboards and iFrames can link malicious web content
Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to...
PT-2025-25317 · Sick Ag · Sick Field Analytics
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns the creation of iFrame widgets and dashboards where linked URLs are vulnerable to code execution. An attacker, if authorized to create new dashboards or iFrame widgets, ca...
CVE-2025-49139
HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, in the HAX site editor, users can create a website block to load another site in an iframe. The application allows users to supply a target URL in the website block. When the HAX site is...
Shop a la Cart Multiple Vulnerabilities
No description provided by source. Exploit Title: Multiple vulnerabilities in SHOP A LA CART Date: 03.09.2010 Author: Ariko-Security Software Link: http://shopalacart.com Version: ALL Tested on: ALL CVE : n/a Ariko-Security: Security Audits, Audyt bezpieczeństwa Advisory: 728/2010 ============...
MGASA-2014-0194 Updated otrs packages fix multiple vulnerabilities
Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS (CVE-2014-2553). An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...