Description

Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceived as a minor threat to web application security. This vulnerability only works in older browsers.

INFO

Published Date :

2025-09-03T11:04:01.811Z

Last Modified :

2025-09-03T14:04:36.130Z

Source :

INCIBE
AFFECTED PRODUCTS

The following products are affected by CVE-2025-41000 vulnerability.

Vendors Products
Boomcms
  • Boomcms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-41000.

URL Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-boomcms cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability