Cross-Frame Scripting (XFS) in BoomCMS_CVE-2025-41000

2.1 / 10

LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Description

Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceived as a minor threat to web application security. This vulnerability only works in older browsers.

Basic Information

ID CVE-2025-41000

Source INCIBE

Published Sep 3, 2025 at 11:04

Affected Product

Vendor BoomCMS

Product BoomCMS

Version 9.1.4

Affected Versions BoomCMS BoomCMS 9.1.4

CWE Classification

CWE-1021

References

www.incibe.es /en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-boomcms

{
    "lastseen": "",
    "description": "Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceived as a minor threat to web application security. This vulnerability only works in older browsers.",
    "published": "2025-09-03T11:04:01.811Z",
    "modified": "2025-09-03T11:04:01.811Z",
    "type": "cve",
    "title": "Cross-Frame Scripting (XFS) in BoomCMS",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-boomcms",
    "id": "CVE-2025-41000",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1021"
    ],
    "cvelist": null,
    "sourceData": "BoomCMS BoomCMS 9.1.4",
    "sourceHref": "",
    "cvss": {
        "score": 2.1,
        "severity": "LOW",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BoomCMS",
    "version": "9.1.4",
    "vendor": "BoomCMS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}