Security Vulnerabilities - CVEs Published In March 2025
ShopXO v6.4.0 has an SSRF/XSS vulnerability in multiple places.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-03-28
OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-03-28
OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in custom headers.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-03-28
In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-03-28
In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page.
CVSS Score
5.5
EPSS Score
0.001
Published
2025-03-28
In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses.
CVSS Score
7.2
EPSS Score
0.001
Published
2025-03-28
TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr.
CVSS Score
9.8
EPSS Score
0.114
Published
2025-03-28
Sourcecodester Online Exam System 1.0 is vulnerable to SQL Injection via dash.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-03-28
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-03-28
maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-03-28

