CVE-2025-40615 – Bookgy Reflected Cross-Site Scripting (XSS)

April 29, 2025

CVE ID : CVE-2025-40615

Published : April 29, 2025, 4:15 p.m. | 31 minutes ago

Description : Reflected Cross-Site Scripting (XSS) vulnerability in Bookgy. This vulnerability allows an attacker to execute JavaScript code in the victim’s browser by sending a malicious URL through the “TEXTO” parameter in /api/api_ajustes.php.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-40616 – Bookgy Reflected XSS

Next Article CVE-2025-32354 – Zimbra Collaboration CSRF Vulnerability

Highlights

CVE-2025-46813 – Discourse Data Leak Vulnerability

May 5, 2025

CVE ID : CVE-2025-46813

Published : May 5, 2025, 8:15 p.m. | 3 hours, 19 minutes ago

Description : Discourse is an open-source community platform. A data leak vulnerability affects sites deployed between commits 10df7fdee060d44accdee7679d66d778d1136510 and 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b. On login-required sites, the leak meant that some content on the site’s homepage could be visible to unauthenticated users. Only login-required sites that got deployed during this timeframe are affected, roughly between April 30 2025 noon EDT and May 2 2025, noon EDT. Sites on the stable branch are unaffected. Private content on an instance’s homepage could be visible to unauthenticated users on login-required sites. Versions of 3.5.0.beta4 after commit 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b are not vulnerable to the issue. No workarounds are available. Sites must upgrade to a non-vulnerable version of Discourse.

Severity: 5.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

AI-Generated Code Poses Major Security Risks in Nearly Half of All Development Tasks, Veracode Research Reveals

Understanding the code modernization conundrum

Not just YouTube: Google is using AI to guess your age based on your activity – everywhere

Malicious extensions can use ChatGPT to steal your personal data – here’s how

What Zuckerberg’s ‘personal superintelligence’ sales pitch leaves out

This handy NordVPN tool flags scam calls on Android – even before you answer

Route Optimization through Laravel’s Shallow Resource Architecture

Route Optimization through Laravel’s Shallow Resource Architecture

This Week in Laravel: Laracon News, Free Laravel Idea, and Claude Code Course

Everything We Know About Pest 4

FOSS Weekly #25.31: Kernel 6.16, OpenMandriva Review, Conky Customization, System Monitoring and More

FOSS Weekly #25.31: Kernel 6.16, OpenMandriva Review, Conky Customization, System Monitoring and More

Windows 11’s MSN Widgets board now opens in default browser, such as Chrome (EU only)

Microsoft’s new “move to Windows 11” campaign implies buying OneDrive paid plan

CVE-2025-40615 – Bookgy Reflected Cross-Site Scripting (XSS)

The hidden risks of browser extensions – and how to stay safe

Minnesota National Guard Deployed After Major Cyberattack on St. Paul City Systems

Windows 11 KB5063060 24H2 out after KB5060842 issues with Fortnite (Easy Anti Cheat)

CVE-2025-53762 – Microsoft Purview Privilege Escalation

The Nose-Man

CVE-2025-37996 – KVM arm64 Uninitialized Pointer Vulnerability

CVE-2025-46813 – Discourse Data Leak Vulnerability

CVE-2025-46192 – SourceCodester Client Database Management System SQL Injection

How AI-Enabled Workflow Automation Can Help SOCs Reduce Burnout

CVE-2025-5734 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow

CVE-2025-40615 – Bookgy Reflected Cross-Site Scripting (XSS)

Related Posts