CVE-2025-30010 – SAP SRM Java Applet Cross-Site Scripting (XSS)

May 13, 2025

CVE ID : CVE-2025-30010

Published : May 13, 2025, 1:15 a.m. | 1 hour, 49 minutes ago

Description : The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to craft a malicious link, which when clicked by a victim, redirects the browser to a malicious site. On successful exploitation, the attacker could cause low impact on confidentiality and integrity with no impact on the availability of the application.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-30011 – SAP SRM Java Applet Information Disclosure

Next Article CVE-2025-30009 – SAP SRM Live Auction Cockpit Java Applet Remote Code Execution Vulnerability

Highlights

CVE-2025-4155 – PHPGurukul Boat Booking System SQL Injection Vulnerability

May 1, 2025

CVE ID : CVE-2025-4155

Published : May 1, 2025, 8:15 a.m. | 3 hours, 38 minutes ago

Description : A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/edit-boat.php. The manipulation of the argument bid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

The coming AI smartphone: Redefining personal tech

Modern React animation libraries: Real examples for engaging UIs

How Debian 13’s little improvements add up to the distro’s surprisingly big leap forward

Why xAI is giving you ‘limited’ free access to Grok 4

How Apple may revamp Siri to a voice assistant I’d actually use (and ditch Gemini for)

I jump-started a bus from the 1930s with this power bank – here’s the verdict

Laravel’s UsePolicy Attribute: Explicit Authorization Control

Laravel’s UsePolicy Attribute: Explicit Authorization Control

The Laravel Way to Build AI Agents That Actually Work

The Laravel Way to Build AI Agents That Actually Work

Microsoft sued over killing support for Windows 10

Microsoft sued over killing support for Windows 10

Grok 4 rolled out for free-tier users worldwide, with some limits

Firefox AI slammed for hogging CPU and draining battery

CVE-2025-30010 – SAP SRM Java Applet Cross-Site Scripting (XSS)

WinRAR Zero-Day Under Active Exploitation – Update to Latest Version Immediately

BadCam Attack Turns Trusted Linux Webcams into Stealthy USB Weapons

CVE-2025-52903 – Apache File Browser Command Execution Vulnerability

CVE-2025-46578 – GoldenDB Database SQL Injection Vulnerability

Glassmorphism CSS Generator

8 Tips for Kubernetes Role-Based Access Control (RBAC)

CVE-2025-4155 – PHPGurukul Boat Booking System SQL Injection Vulnerability

Take the State of HTML survey today

AI in Finance: Transforming Investments and Banking in the Digital Age

CVE-2025-39372 – WordPress Events Calendar Registration & Tickets Cross-site Scripting

CVE-2025-30010 – SAP SRM Java Applet Cross-Site Scripting (XSS)

Related Posts