18 matches found
EUVD-2025-17209
Malicious code in bioql PyPI...
CVE-2025-49191
Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other users that access the dashboard by including malicious code. The attack is only possible if the attacker is authorized to...
CVE-2025-30939
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Debashish IFrame Widget iframe-widget allows Stored XSS.This issue affects IFrame Widget: from n/a through = 4.1...
CVE-2025-30939
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Debashish IFrame Widget iframe-widget allows Stored XSS.This issue affects IFrame Widget: from n/a through = 4.1...
CVE-2025-30939
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Debashish IFrame Widget iframe-widget allows Stored XSS.This issue affects IFrame Widget: from n/a through = 4.1...
CVE-2025-30939 WordPress IFrame Widget plugin <= 4.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Debashish IFrame Widget iframe-widget allows Stored XSS.This issue affects IFrame Widget: from n/a through = 4.1...
CVE-2025-30939 WordPress IFrame Widget plugin <= 4.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Debashish IFrame Widget iframe-widget allows Stored XSS.This issue affects IFrame Widget: from n/a through = 4.1...
CVE-2025-30939
CVE-2025-30939 describes a Stored XSS in the WordPress plugin IFrame Widget due to improper input neutralization during web page generation . Affected versions are listed as from n/a through 4.1 . The Connected documents confirm the CVE exists and identify the vulnerability class, but do not prov...
WordPress plugin IFrame Widget 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripti...
WordPress IFrame Widget plugin <= 4.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin IFrame Widget versions = 4.1...
CVE-2018-16519
COYO 9.0.8, 10.0.11 and 12.0.4 has cross-site scripting XSS via URLs used by "iFrame" widgets...
Liferay Portal denial-of-service vulnerability
The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a...
GHSA-W275-M8CR-HF2V Liferay Portal denial-of-service vulnerability
The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a...
CVE-2024-25144
The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a...
CVE-2024-25144
The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a...
CVE-2024-25144
The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a...
CVE-2024-25144
The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a...
PT-2024-20777 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.3.26 Liferay DXP 7.4 before update 27 Liferay DXP 7.3 before update 6 Liferay DXP 7.2 before fix pack 19 Description: The issue is related to the IFrame widget, which does not check the URL of the...