
12 matches found

CNNVD
added 2026/05/11 12:0 a.m. · 8 views

Apple Multiple Products Security Vulnerability

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

4.3 CVSS · 5.8 AI score · 0.00296 EPSS
Exploits 0 · References 2
Snyk
added 2026/04/03 2:44 a.m. · 3 views

Origin Validation Error

Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Origin Validation Error in the session.setPermissionRequestHandler function. An attacker can gain...

5.4 CVSS · 5.9 AI score · 0.00122 EPSS
Exploits 0 · References 2
CNNVD
added 2026/03/02 12:0 a.m. · 4 views

CGM CLININET Security Vulnerability

CGM CLININET is a hospital information management system developed by the German company CGM. CGM CLININET has a security vulnerability, which stems from the lack of mechanisms to prevent clickjacking attacks. This vulnerability could allow attackers to embed malicious IFRAMES into the applicatio...

6.1 CVSS · 5.8 AI score · 0.00172 EPSS
Exploits 0 · References 3
Cvelist
added 2026/01/05 12:0 a.m. · 29 views

CVE-2025-65922

PLANKA 2.0.0 lacks X-Frame-Options and CSP frame-ancestors headers, allowing the application to be embedded within malicious iframes. While this does not lead to unintended modification of projects or tasks, it exposes users to Phishing attacks. Attackers can frame the legitimate Planka applicati...

0.0014 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/12/15 12:0 a.m. · 6 views

PT-2025-51205

The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content...

4.3 CVSS · 6.9 AI score · 0.00177 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 12:31 a.m. · 13 views

CVE-2022-4953

The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs...

6.1 CVSS · 6.6 AI score · 0.02027 EPSS
Exploits 5 · References 1
Positive Technologies
added 2024/03/26 12:0 a.m. · 5 views

PT-2024-22805

Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 6.8.1 Description: A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These...

6.1 CVSS · 6.5 AI score · 0.00722 EPSS
Exploits 0 · References 18
NVD
added 2023/08/14 8:15 p.m. · 21 views

CVE-2022-4953

The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs...

6.1 CVSS · 6.2 AI score · 0.02027 EPSS
Exploits 5 · References 2
Positive Technologies
added 2023/08/14 12:0 a.m. · 10 views

PT-2023-15937 · WordPress · Elementor Website Builder

Name of the Vulnerable Software and Affected Versions: Elementor Website Builder WordPress plugin versions prior to 3.5.5 Description: The issue allows user-controlled URLs to be loaded into the DOM without proper filtering. This could be exploited to inject rogue iframes that point to malicious...

6.1 CVSS · 6 AI score · 0.02027 EPSS
Exploits 5 · References 11
Hacker One
added 2020/09/12 12:41 a.m. · 16 views

Agoric: Stored XSS in agoric-sdk - malicious iframes, malicious svg

Summary: add summary of the vulnerability Steps To Reproduce: shell git clone https://github.com/Agoric/agoric-sdk.git cd agoric-sdk yarn config set "strict-ssl" false -g yarn config set "registry" "http://registry.npmjs.org/" -g yarn config set "cafile" "/etc/ssl/cert.pem" -g pipenv shell yarn...

0.3 AI score
Exploits 0
ThreatPost
added 2017/03/02 1:3 p.m. · 15 views

132 Google Play Apps Booted For Having Malicious IFrames

Google removed 132 apps infected with malicious iFrames from its Google Play store after security researchers discovered a development platform used to create the apps was infected with malware and in turn compromised the apps. Palo Alto Networks’ Unit 42 researchers said the apps were infected...

7.1 AI score
Exploits 0 · References 3
ThreatPost
added 2015/04/03 12:36 p.m. · 10 views

.SWF Files Injecting Malicious iFrames on WordPress, Joomla Sites

Researchers have seen an uptick in Adobe Flash .SWF files being used to trigger malicious iFrames across websites. Several hundred WordPress and Joomla websites have been swept up in the campaign, first observed by researchers at the firm Sucuri last November. “Though it’s uncertain how many...

0.1 AI score
Exploits 0 · References 2