Overview
A critical stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2025-65621, has been discovered in Snipe-IT versions prior to 8.3.4. This flaw allows a low-privileged authenticated user to inject malicious JavaScript code into the application. This injected code can then execute within the context of an administrator's session, potentially leading to privilege escalation and complete compromise of the Snipe-IT instance.

Technical Details
The vulnerability stems from insufficient input sanitization and output encoding within a specific feature of Snipe-IT. An attacker can inject malicious JavaScript code, which is then stored in the database. When an administrator accesses the page containing the…
Overview
CVE-2025-58044 describes an Open Redirect vulnerability affecting JumpServer, a popular open-source bastion host and operation and maintenance security audit system. The vulnerability resides in the /core/i18n// endpoint. Untrusted data from the Referer header is used for redirection without proper validation, potentially allowing attackers to redirect users to malicious websites. This issue has been addressed in JumpServer versions v3.10.19 and v4.10.5.

Technical Details
The root cause of this vulnerability lies in the insufficient validation of the Referer header when constructing the redirection URL within the /core/i18n// endpoint. The Referer header is provided by the client (browser) and can be easily…
Overview
CVE-2025-55749 describes a file disclosure vulnerability affecting XWiki, a widely used open-source wiki platform. This vulnerability, present in specific versions when using the XJetty package, allows unauthorized access to files within the web application directory. This can potentially expose sensitive information, including credentials, leading to significant security risks.

Technical Details
The vulnerability stems from a publicly accessible context that allows static access to any file located within the webapp/ directory of the XWiki installation. This directory typically contains configuration files, scripts, and other sensitive data that should not be directly accessible to unauthorized users. The use of the XWiki…
Overview
CVE-2024-51999 describes a prototype pollution vulnerability in Express.js, a minimalist web framework for Node.js. This vulnerability affects applications using the extended query parser ('query parser': 'extended') and allows attackers to inject and overwrite properties of the Object.prototype. The issue has been fixed in Express.js versions 5.2.0 and 4.22.0.

Technical Details
The vulnerability arises when the extended query parser is enabled in Express.js. With this setting, the request.query object inherits all properties from the Object.prototype. An attacker can then overwrite these inherited properties by crafting a malicious query string that includes keys matching the prototype property names. This leads to…
Overview
CVE-2025-65838 identifies a path traversal vulnerability found in PublicCMS V5.202506.b. This vulnerability, present in the doUploadSitefile method, allows an attacker to potentially write files to arbitrary locations on the server, leading to various security risks. This article provides a detailed analysis of the vulnerability, its potential impact, and recommended mitigation strategies.

Technical Details
The vulnerability stems from insufficient sanitization of user-supplied input related to file paths during the upload process. Specifically, the doUploadSitefile method in PublicCMS V5.202506.b does not properly validate the destination path, allowing an attacker to inject directory traversal sequences (e.g., ../) into the file path. This…
Overview
This article provides a detailed analysis of CVE-2025-65836, a Server-Side Request Forgery (SSRF) vulnerability discovered in PublicCMS V5.202506.b. The vulnerability resides within the chat interface of the SimpleAiAdminController. This flaw allows attackers to potentially manipulate the server into making unintended requests, potentially leading to information disclosure, internal service access, or other malicious activities.

Technical Details
The SSRF vulnerability exists in the SimpleAiAdminController's chat interface. The lack of proper input validation and sanitization on user-supplied data used in constructing server-side requests allows an attacker to inject arbitrary URLs. By crafting malicious input, an attacker can force the PublicCMS server to…
Overview
A Cross-Site Scripting (XSS) vulnerability has been identified in Todoist version 8896, designated as CVE-2025-63317. This vulnerability resides in the /api/v1/uploads endpoint. The issue stems from a lack of sanitization applied to uploaded SVG files. Consequently, malicious JavaScript code embedded within a crafted SVG file can be executed when a user opens the attachment from within a task or comment in Todoist.

Technical Details
The vulnerability lies in the insufficient handling of SVG file uploads. Todoist v8896 does not properly sanitize uploaded SVG files before storing and serving them. An attacker can embed JavaScript code within an SVG file,…
Overview
A critical security vulnerability, identified as CVE-2025-51683, has been discovered in mJobtime v15.7.2. This vulnerability is a blind SQL Injection (SQLi) that allows unauthenticated attackers to execute arbitrary SQL statements. This poses a significant risk to organizations using the affected software.

Technical Details
CVE-2025-51683 is a blind SQL Injection vulnerability found in the /Default.aspx/update_profile_Server endpoint of mJobtime v15.7.2. An attacker can exploit this vulnerability by sending a crafted POST request to this endpoint. Due to the "blind" nature of the SQLi, the attacker may not receive direct error messages related to the SQL queries, making exploitation more challenging but…
Overview
CVE-2025-51682 identifies a significant security vulnerability within mJobtime version 15.7.2. This vulnerability arises from the application's improper handling of authorization, specifically relying on client-side code to enforce access controls. This reliance makes the application susceptible to attacks where malicious actors can manipulate the client-side logic to bypass authentication mechanisms and gain unauthorized administrative privileges.

Technical Details
The core issue lies in the fact that mJobtime 15.7.2 performs authorization checks on the client-side. An attacker can modify the JavaScript code running in their browser or intercept and manipulate API requests to bypass these checks. By altering the client-side code, attackers…
Overview
CVE-2025-12756 is a medium severity vulnerability affecting Mattermost versions 11.0.x