CVE-2025-41000 | THREATINT

Description

Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceived as a minor threat to web application security. This vulnerability only works in older browsers.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-03 | Updated 2025-09-03 | Assigner INCIBE

LOW: 2.1CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

Product status

Default status

unaffected

9.1.4

affected

Credits

Sergio Corchado Lucero finder

References

www.incibe.es/...ces/aviso/cross-frame-scripting-xfs-boomcms

cve.org (CVE-2025-41000)

nvd.nist.gov (CVE-2025-41000)

Download JSON