Seguridad Archives - Página 10 de 1366

7 Abr 2025

CVE-2025-0942

Título es

CVE-2025-0942

Lun, 07/04/2025 – 22:15

Tipo

CWE-89

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-0942

Descripción en

The DB chooser functionality in Jalios JPlatform 10 SP6 before 10.0.6 improperly neutralizes special elements used in an SQL command allows for authenticated administrative users to trigger SQL Injection.

This issue affects JPlatform before 10.0.6 and a PatchPlugin release 10.0.6 was issued 2023-02-06.

08/04/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

Gravedad 3.1 (CVSS 3.1 Base Score)

6.00

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://community.jalios.com/jcms/jc2_734797/fr/avertissement-de-securite-2023-02-06

https://community.jalios.com/patchplugin-10.0.6

Enviar en el boletín

Off

7 Abr 2025

CVE-2025-3386

Título es

CVE-2025-3386

Lun, 07/04/2025 – 22:15

Tipo

CWE-79

Gravedad v2.0

3.30

Gravedad 2.0 Txt

LOW

Título en

CVE-2025-3386

Descripción en

A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin#links of the component Friendship Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

08/04/2025

Vector CVSS:4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Vector CVSS:2.0

AV:N/AC:L/Au:M/C:N/I:P/A:N

Gravedad 4.0

4.80

Gravedad 4.0 txt

MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)

2.40

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

LOW

Referencias

https://gitee.com/LinZhaoguan/pb-cms/issues/IBN3MW

https://vuldb.com/?ctiid_303632=

https://vuldb.com/?id_303632=

Enviar en el boletín

Off

7 Abr 2025

CVE-2025-3385

Título es

CVE-2025-3385

Lun, 07/04/2025 – 22:15

Tipo

CWE-79

Gravedad v2.0

3.30

Gravedad 2.0 Txt

LOW

Título en

CVE-2025-3385

Descripción en

A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Classification Management Page. The manipulation of the argument Classification name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

08/04/2025

Vector CVSS:4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Vector CVSS:2.0

AV:N/AC:L/Au:M/C:N/I:P/A:N

Gravedad 4.0

4.80

Gravedad 4.0 txt

MEDIUM

Gravedad 3.1 (CVSS 3.1 Base Score)

2.40

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

LOW

Referencias

https://gitee.com/LinZhaoguan/pb-cms/issues/IBN3S0

https://vuldb.com/?ctiid_303631=

https://vuldb.com/?id_303631=

Enviar en el boletín

Off

7 Abr 2025

CVE-2025-29594

Título es

CVE-2025-29594

Lun, 07/04/2025 – 20:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-29594

Descripción en

A vulnerability exists in the errorpage.php file of the CS2-WeaponPaints-Website v2.1.7 where user-controlled input is not adequately validated before being processed. Specifically, the $_GET['errorcode'] parameter can be manipulated to access unauthorized error codes, leading to Cross-Site Scripting (XSS) attacks and information disclosure.

07/04/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://github.com/J4cky1028/vulnerability-research/tree/main/CVE-2025-29594

https://github.com/LielXD/CS2-WeaponPaints-Website/blob/b1d8364c1cbcab6981a564d8abe43b1cc26a2503/errorpage.php#L41

Enviar en el boletín

Off

7 Abr 2025

CVE-2025-29482

Título es

CVE-2025-29482

Lun, 07/04/2025 – 20:15

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-29482

Descripción en

Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265.

07/04/2025

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

Pendiente de análisis

Referencias

https://github.com/lmarch2/poc/blob/main/libheif/libheif.md

Enviar en el boletín

Off