CVE-2025-30191

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedur...

CVE-2025-30191

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedur...

CVE-2025-30191

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedur...

CVE-2025-30191

Open-Xchange OX App Suite is affected by CVE-2025-30191. The issue involves malicious email content exploited to trigger redressing attacks, allowing users to perform unintended actions or disclose information. The underlying cause, as stated, is the sanitization procedure that now denies attribu...

PT-2025-44595

Name of the Vulnerable Software and Affected Versions affected versions not specified Description Malicious content delivered via email can be leveraged to conduct a redressing attack. This allows attackers to deceive users into performing unintended actions or disclosing sensitive information to...

CVE-2025-54139

CVE-2025-54139 affects HAX CMS NodeJS and PHP backends. Versions haxcms-nodejs ≤ 11.0.12 and haxcms-php ≤ 11.0.7 expose pages without anti-iframe headers, enabling unauthenticated attackers to load sensitive pages (including login) in an iframe and perform a UI redress (clickjacking). Impact is U...

GHSA-HF94-8MX5-2VVJ Cross-site Scripting in kiwitcms

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack clickjacking and an HTML injection which disables the use of the history page...

CVE-2022-4105

CVE-2022-4105 refers to a stored XSS in Kiwi TCMS’s kiwi Test Plan. The vulnerability allows attacker-supplied JavaScript to execute in the context of the application, potentially enabling a chained HTML injection that can perform a UI redressing attack (clickjacking) and an HTML injection that d...

CVE-2022-4105 Cross-site Scripting (XSS) - Stored in kiwitcms/kiwi

A stored XSS in a kiwi Test Plan can run malicious javascript which could be chained with an HTML injection to perform a UI redressing attack clickjacking and an HTML injection which disables the use of the history page...

Rocket.Chat: Clickjacking in the admin page

Summary: Hello Rocket.Chat, There is a clickjacking vulnerability in a very critical page which is the admin info page. For my installation, the URL https://penetrationtester.rocket.chat/admin/users was used for creating the PoC. Description: Clickjacking User Interface redress attack, UI redress...