CVE-2025-0984 – Netoloji Software E-Flow Cross-site Scripting (XSS) and File Content Injection Vulnerability

May 6, 2025

CVE ID : CVE-2025-0984

Published : May 6, 2025, 12:15 p.m. | 2 hours, 44 minutes ago

Description : Unrestricted Upload of File with Dangerous Type, Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Netoloji Software E-Flow allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS, File Content Injection.This issue affects E-Flow: before 3.23.00.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4349 – “Critical Command Injection in D-Link DIR-600L”

Next Article CVE-2025-45611 – Hope-Boot Authentication Bypass

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-0984 – Netoloji Software E-Flow Cross-site Scripting (XSS) and File Content Injection Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-30943 – Aakif Kadiwala Posts Slider Shortcode Cross-site Scripting (XSS)

Google’s One AI Premium plan with Gemini Advanced is now free for students – for an entire year

I changed 8 settings on my Motorola phone to significantly improve the battery life

Meta’s upcoming $1,000 smart glasses sound like the Ray-Bans successor I’ve been waiting for

OpenAI CEO Sam Altman revealed the heartbreaking truth behind its users’ attachment to previous ChatGPT models — “This was great for my mental health”

SonicWall SMA100 SSL-VPN’s actief aangevallen via path traversal-lek

CVE-2025-46094 – LiquidFiles Arbitrary File Upload Vulnerability

CVE-2013-10068 – Foxit Reader Plugin Stack-Based Buffer Overflow Vulnerability

CVE-2025-0984 – Netoloji Software E-Flow Cross-site Scripting (XSS) and File Content Injection Vulnerability

Related Posts