CVE-2025-41000

Vulnerability Description

Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceived as a minor threat to web application security. This vulnerability only works in older browsers.

Related Weaknesses (CWE)

CWE-1021

References

https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-boo

FAQ

What is CVE-2025-41000?

CVE-2025-41000 is a documented vulnerability. Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is ba...

How severe is CVE-2025-41000?

CVSS scoring is not yet available for CVE-2025-41000. Check NVD for updates.

Is there a patch for CVE-2025-41000?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.