Security Vulnerabilities - CVEs Published In February 2025
A vulnerability classified as problematic has been found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected is an unknown function of the file /api/admin/question/edit of the component Exam Edit Handler. The manipulation of the argument title/content leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score: 5.1
EPSS Score: 0.002
Published: 2025-02-06
A vulnerability classified as problematic was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. Affected by this vulnerability is an unknown functionality of the component CORS Handler. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score: 2.3
EPSS Score: 0.001
Published: 2025-02-06
Server-side request forgery (SSRF) in Microsoft Dynamics 365 Sales allows an authorized attacker to elevate privileges over a network.
CVSS Score: 8.7
EPSS Score: 0.005
Published: 2025-02-06
Microsoft Edge for iOS and Android Spoofing Vulnerability
CVSS Score: 5.3
EPSS Score: 0.008
Published: 2025-02-06
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS Score: 4.4
EPSS Score: 0.004
Published: 2025-02-06
Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter.
CVSS Score: 7.5
EPSS Score: 0.034
Published: 2025-02-06
Certain HP LaserJet Pro printers may potentially experience a denial of service when a user sends a raw JPEG file to the printer via IPP (Internet Printing Protocol).
CVSS Score: 6.9
EPSS Score: 0.002
Published: 2025-02-06
IBM EntireX 11.1 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Score: 7.1
EPSS Score: 0.0
Published: 2025-02-06
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
CVSS Score: 3.3
EPSS Score: 0.0
Published: 2025-02-06
IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2025-02-06

