Cross-Frame Scripting Vulnerability in BoomCMS by UXB London
CVE-2025-41000
2.1LOW
What is CVE-2025-41000?
BoomCMS v9.1.4 from UXB London is exposed to a Cross-Frame Scripting (XFS) vulnerability. This security flaw takes advantage of specific browser vulnerabilities, allowing attackers to execute malicious JavaScript that could spy on users or manipulate content in the targeted web application. The exploit's effectiveness is heightened when users operate outdated browser versions, leading to potential security compromises through social engineering tactics focused on deceiving users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
BoomCMS 9.1.4
References
CVSS V4
Score:
2.1
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Sergio Corchado Lucero
