CVE-2025-41000
Description
Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceived as a minor threat to web application security. This vulnerability only works in older browsers.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-41000? +
How do I check if I'm vulnerable to CVE-2025-41000? +
Related Vulnerabilities
A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions …
The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted …
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open …
LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users …
A select option could partially obscure security prompts. This could be used by a malicious site to trick a user …
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly …