CVE-2025-35996 – KUNBUS PiCtory Stored Cross-Site Scripting (XSS)

May 1, 2025

CVE ID : CVE-2025-35996

Published : May 1, 2025, 7:15 p.m. | 53 minutes ago

Description : KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename is later transmitted to the client in order to show a list of configuration files. Due to a missing escape or sanitization, the filename could be executed as HTML script tag resulting in a cross-site-scripting attack.

Severity: 9.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-36521 – MicroDicom DICOM Viewer Out-of-Bounds Read Vulnerability

Next Article CVE-2025-24522 – KUNBUS Revolution Pi Node-RED Remote Command Execution

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

These jobs face the highest risk of AI takeover, according to Microsoft

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

5 ways to successfully integrate AI agents into your workplace

Enhancing Laravel Queries with Reusable Scope Patterns

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

Everything We Know About Livewire 4

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

Sam Altman is afraid of OpenAI’s GPT-5 creation — “The Manhattan Project feels very fast, like there are no adults in the room”

9 new features that arrived on the Windows 11 Insider Program during the second half of July 2025

CVE-2025-35996 – KUNBUS PiCtory Stored Cross-Site Scripting (XSS)

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

Lenovo’s new 16-inch Yoga 7i doesn’t get the “2-in-1” part quite right, but there are some redeeming qualities here

Facebook porn scam infects 110k users in 48 hours

CVE-2025-1245 – Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer Bypass Connection Restriction Vulnerability

CVE-2025-33014 – IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Scripting (XSS) Vulnerability

CVE-2025-0782 – H2O-3 S3 Bucket Public Write Privilege Escalation Vulnerability

Rilasciata Slackel 8.0: Una Distribuzione GNU/Linux Basata su Slackware

Rilasciata KDE Frameworks 6.14: Novità e approfondimento sulla raccolta di librerie per Qt

CVE-2024-35164 – Apache Guacamole SSH Console Code Execution Vulnerability

CVE-2025-35996 – KUNBUS PiCtory Stored Cross-Site Scripting (XSS)

Related Posts