CVE-2025-3153

CVE-2025-3153

Título es
CVE-2025-3153

Jue, 03/04/2025 – 02:15

Tipo
CWE-79

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-3153

Descripción es
Las versiones 9 y anteriores a la 9.4.0RC2 de Concrete CMS y las versiones anteriores a la 8.5.20 son vulnerables a CSRF y XSS en el atributo de dirección de Concrete CMS, ya que las direcciones no se depuran correctamente en la salida cuando no se especifica un país. Los atacantes se limitan a las personas a las que el administrador del sitio les ha otorgado la capacidad de completar un atributo de dirección. El atacante puede obtener información limitada del sitio, pero la cantidad y el tipo están restringidos por los controles de mitigación y el nivel de acceso del atacante. La modificación de datos es limitada. La página del panel de control podría quedar indisponible. Esta corrección solo desinfecta los nuevos datos subidos después de la actualización a Concrete CMS 9.4.0RC2. Las entradas de la base de datos existentes agregadas antes de la actualización seguirán activas si se agregaron exploits exitosos en versiones anteriores; se recomienda una búsqueda en la base de datos. El equipo de seguridad de Concrete CMS le otorgó a esta vulnerabilidad un puntaje CVSS v.4.0 de 5,1 con el vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Gracias Myq Larson por informar.

Descripción en
Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 are vulnerable to CSRF and XSS in the Concrete CMS Address attribute because addresses are not properly sanitized in the output when a country is not specified.  Attackers are limited to individuals whom a site administrator has granted the ability to fill in an address attribute. It is possible for the attacker to glean limited information from the site but amount and type is restricted by mitigating controls and the level of access of the attacker. Limited data modification is possible. The dashboard page itself could be rendered unavailable.
The fix only sanitizes new data uploaded post update to Concrete CMS 9.4.0RC2. Existing database entries added before the update will still be “live” if there were successful exploits added under previous versions; a database search is recommended. The Concrete CMS security team gave this vulnerability CVSS v.4.0 score of 5.1 with vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Thanks Myq Larson for reporting.

03/04/2025
03/04/2025
Vector CVSS:4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Gravedad 4.0
5.10

Gravedad 4.0 txt
MEDIUM

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://documentation.concretecms.org/9-x/developers/introduction/version-history/940-release-notes

  • https://github.com/concretecms/concretecms/pull/12511

  • https://github.com/concretecms/concretecms/pull/12512

  • https://github.com/concretecms/concretecms/releases/tag/8.5.20

    • Enviar en el boletín
    Off

    CVE-2025-3134

    CVE-2025-3134

    Título es
    CVE-2025-3134

    Jue, 03/04/2025 – 02:15

    Tipo
    CWE-74

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-3134

    Descripción es
    Se ha detectado una vulnerabilidad crítica en code-projects Payroll Management System 1.0. Esta afecta a una parte desconocida del archivo /add_overtime.php. La manipulación del argumento "rate" provoca una inyección SQL. Es posible iniciar el ataque de forma remota. Se ha hecho público el exploit y puede que sea utilizado.

    Descripción en
    A vulnerability classified as critical has been found in code-projects Payroll Management System 1.0. This affects an unknown part of the file /add_overtime.php. The manipulation of the argument rate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

    03/04/2025
    03/04/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://code-projects.org/

  • https://github.com/Brauchitsch-Wang/cve/blob/main/cve.md

  • https://vuldb.com/?ctiid_303039=

  • https://vuldb.com/?id_303039=

  • https://vuldb.com/?submit_525102=

    • Enviar en el boletín
    Off

    CVE-2025-3123

    CVE-2025-3123

    Título es
    CVE-2025-3123

    Mié, 02/04/2025 – 23:15

    Tipo
    CWE-284

    Gravedad v2.0
    5.80

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-3123

    Descripción en
    A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Affected by this issue is the function installUpdateModuleAction of the component Theme Installation/Plugin Installation. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains, that "[t]he philosophy has always been, admin […] bear responsibility to not install themes/plugins from untrusted sources."

    03/04/2025
    03/04/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:M/C:P/I:P/A:P

    Gravedad 4.0
    5.10

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    4.70

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/WonderCMS/wondercms/issues/330

  • https://github.com/WonderCMS/wondercms/issues/330#issue-2940381112

  • https://github.com/WonderCMS/wondercms/issues/330#issuecomment-2745347770

  • https://vuldb.com/?ctiid_303014=

  • https://vuldb.com/?id_303014=

  • https://vuldb.com/?submit_525101=

    • Enviar en el boletín
    Off

    CVE-2025-3154

    CVE-2025-3154

    Título es
    CVE-2025-3154

    Mié, 02/04/2025 – 23:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-3154

    Descripción en
    Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary.

    03/04/2025
    03/04/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    2.10

    Gravedad 4.0 txt
    LOW

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.xpdfreader.com/security-bug/CVE-2025-3154.html

    • Enviar en el boletín
    Off

    CVE-2025-30218

    CVE-2025-30218

    Título es
    CVE-2025-30218

    Mié, 02/04/2025 – 22:15

    Tipo
    CWE-200

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-30218

    Descripción en
    Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host as the Next.js application. Initiating a fetch request to a third-party within Middleware will send the x-middleware-subrequest-id to that third party. This vulnerability is fixed in 12.3.6, 13.5.10, 14.2.26, and 15.2.4.

    03/04/2025
    03/04/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    1.70

    Gravedad 4.0 txt
    LOW

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/vercel/next.js/security/advisories/GHSA-223j-4rm8-mrmf

  • https://vercel.com/changelog/cve-2025-30218-5DREmEH765PoeAsrNNQj3O

    • Enviar en el boletín
    Off

    CVE-2025-3119

    CVE-2025-3119

    Título es
    CVE-2025-3119

    Mié, 02/04/2025 – 22:15

    Tipo
    CWE-74

    Gravedad v2.0
    6.50

    Gravedad 2.0 Txt
    MEDIUM

    Título en

    CVE-2025-3119

    Descripción en
    A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /tutor/courses/manage_course.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

    03/04/2025
    03/04/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

    Vector CVSS:2.0
    AV:N/AC:L/Au:S/C:P/I:P/A:P

    Gravedad 4.0
    5.30

    Gravedad 4.0 txt
    MEDIUM

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.30

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/byxs0x0/SQL/blob/main/SQL4.md

  • https://vuldb.com/?ctiid_303010=

  • https://vuldb.com/?id_303010=

  • https://vuldb.com/?submit_524990=

  • https://www.sourcecodester.com/

    • Enviar en el boletín
    Off

    CVE-2025-31484

    CVE-2025-31484

    Título es
    CVE-2025-31484

    Mié, 02/04/2025 – 22:15

    Tipo
    CWE-284

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31484

    Descripción en
    conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure.
    Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a package to the conda-forge channel, bypassing our feedstock-token + upload process. The security logs on anaconda.org were check for any packages that were not copied from the cf-staging to the conda-forge channel and none were found.

    03/04/2025
    03/04/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    9.30

    Gravedad 4.0 txt
    CRITICAL

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/conda-forge/infrastructure/commit/70f3f09e64968d5f0a7b0525846f17cad42dd052

  • https://github.com/conda-forge/infrastructure/security/advisories/GHSA-m4h2-49xf-vq72

    • Enviar en el boletín
    Off

    CVE-2025-31479

    CVE-2025-31479

    Título es
    CVE-2025-31479

    Mié, 02/04/2025 – 22:15

    Tipo
    CWE-532

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31479

    Descripción en
    canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUB_TOKEN. If the full token is included in the exception output, GitHub will automatically redact the secret from the GitHub Actions logs. However, the token may be truncated—causing part of the GITHUB_TOKEN to be displayed in plaintext in the GitHub Actions logs. Anyone with read access to the GitHub repository can view GitHub Actions logs. For public repositories, anyone can view the GitHub Actions logs. The opportunity to exploit this vulnerability is limited—the GITHUB_TOKEN is automatically revoked when the job completes. However, there is an opportunity for an attack in the time between the GITHUB_TOKEN being displayed in the logs and the completion of the job. Users using the github-token input are impacted. This vulnerability is fixed in 1.0.1.

    03/04/2025
    03/04/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H

    Gravedad 3.1 (CVSS 3.1 Base Score)
    8.20

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    HIGH

    Referencias

  • https://github.com/canonical/get-workflow-version-action/commit/88281a62e96e1c0ef4df30352ae0668a9f3e3369

  • https://github.com/canonical/get-workflow-version-action/issues/2

  • https://github.com/canonical/get-workflow-version-action/security/advisories/GHSA-26wh-cc3r-w6pj

    • Enviar en el boletín
    Off

    CVE-2025-31477

    CVE-2025-31477

    Título es
    CVE-2025-31477

    Mié, 02/04/2025 – 22:15

    Tipo
    CWE-20

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-31477

    Descripción en
    The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener (e.g. xdg-open on Linux). This was meant to be restricted to a reasonable number of protocols like https or mailto by default. This default restriction was not functional due to improper validation of the allowed protocols, allowing for potentially dangerous protocols like file://, smb://, or nfs:// and others to be opened by the system registered protocol handler. By passing untrusted user input to the open endpoint these potentially dangerous protocols can be abused to gain remote code execution on the system. This either requires direct exposure of the endpoint to application users or code execution in the frontend of a Tauri application. This vulnerability is fixed in 2.2.1.

    03/04/2025
    03/04/2025
    Vector CVSS:4.0
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

    Gravedad 4.0
    9.30

    Gravedad 4.0 txt
    CRITICAL

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/tauri-apps/plugins-workspace/commit/9cf0390a52497e273db1a1b613a0e26827aa327c

  • https://github.com/tauri-apps/plugins-workspace/security/advisories/GHSA-c9pr-q8gx-3mgp

    • Enviar en el boletín
    Off

    CVE-2025-3130

    CVE-2025-3130

    Título es
    CVE-2025-3130

    Mié, 02/04/2025 – 22:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-3130

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Obfuscate allows Stored XSS.This issue affects Obfuscate: from 0.0.0 before 2.0.1.

    03/04/2025
    03/04/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://www.drupal.org/sa-contrib-2025-029

    • Enviar en el boletín
    Off