Cross-Frame Scripting (XFS) in BoomCMS

Posted date 03/09/2025
Identifier
INCIBE-2025-0471
Importance
2 - Low
Affected Resources

BoomCMS, version 9.1.4.

Description

INCIBE has coordinated the publication of a low-severity vulnerability affecting BoomCMS from UXB London, an easy-to-use content management system. The vulnerability was discovered by Sergio Corchado Lucero.

This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector, and CWE vulnerability type:

  • CVE-2025-41000: CVSS v4.0: 2.1 | CVSS AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N | CWE-1021

Solution

No solution has been reported at this time.

Detail

CVE-2025-41000: Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceived as a minor threat to web application security. This vulnerability only works in older browsers.
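While no fix is reported, a site operator can check whether responses carry the anti-framing headers that are the usual control for CWE-1021, including the X-Frame-Options fallback that matters for the older browsers mentioned above. This is an added example, not code from INCIBE or BoomCMS; the function names, verdict labels and sample headers are constructed for illustration.

```javascript
// Added example: classify a response's anti-framing headers (CWE-1021).
// `headers` uses lower-cased names, as Node's http module exposes them.

// Collect the frame-ancestors source list of every enforced CSP policy.
function frameAncestorLists(csp) {
  const lists = [];
  for (const policy of String(csp || "").split(",")) { // comma separates policies
    for (const directive of policy.split(";")) {
      const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
      if (name === "frame-ancestors") { lists.push(sources); break; }
    }
  }
  return lists;
}

// "open": wildcard or bare scheme admits any site; "strict": only 'none'/'self'.
function classifyList(sources) {
  if (sources.some(s => s === "*" || /^[a-z][a-z0-9+.-]*:$/.test(s))) return "open";
  return sources.every(s => s === "'none'" || s === "'self'") ? "strict" : "allowlist";
}

function auditFraming(headers) {
  const xfo = String(headers["x-frame-options"] ?? "").trim().toUpperCase();
  const legacy = xfo === "DENY" || xfo === "SAMEORIGIN"; // ALLOW-FROM is obsolete
  const kinds = frameAncestorLists(headers["content-security-policy"]).map(classifyList);
  // Every policy must allow the embedder, so the most restrictive one decides.
  const modern = ["strict", "allowlist", "open"].find(k => kinds.includes(k)) || "absent";
  let verdict;
  if (modern === "strict" || modern === "allowlist") {
    // Browsers without frame-ancestors support need X-Frame-Options as well.
    verdict = legacy ? "protected" : "modern-only";
  } else if (modern === "open") {
    // An enforced frame-ancestors makes supporting browsers ignore X-Frame-Options.
    verdict = legacy ? "legacy-only" : "unprotected";
  } else {
    verdict = legacy ? "protected" : "unprotected";
  }
  return { legacy, modern, verdict };
}

// Constructed sample response headers (not captured from a BoomCMS install).
const samples = {
  none: { "content-type": "text/html" },
  cspOnly: { "content-security-policy": "default-src 'self'; frame-ancestors 'none'" },
  both: { "x-frame-options": "SAMEORIGIN", "content-security-policy": "frame-ancestors 'self'" },
  overridden: { "x-frame-options": "DENY", "content-security-policy": "frame-ancestors *" },
  allowFrom: { "x-frame-options": "ALLOW-FROM https://partner.example" },
};
for (const [name, h] of Object.entries(samples)) console.log(name, auditFraming(h).verdict);
```

Only the enforcing Content-Security-Policy header is read; a frame-ancestors directive in a Report-Only header or a meta element is not enforced by browsers.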

CVE
Exploitation
No