CVE-2025-29690 – OA System Cross-Site Scripting (XSS)

May 14, 2025

CVE ID : CVE-2025-29690

Published : May 14, 2025, 10:15 p.m. | 52 minutes ago

Description : A cross-site scripting (XSS) vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the outtype parameter at /address/AddrController.java.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-45067 – Intel Gaudi Privilege Escalation

Next Article CVE-2025-29689 – OA System Cross-Site Scripting (XSS)

Highlights

CVE-2025-5482 – Sunshine Photo Cart WordPress Privilege Escalation Vulnerability

June 4, 2025

CVE ID : CVE-2025-5482

Published : June 4, 2025, 8:15 a.m. | 2 hours, 44 minutes ago

Description : The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.11. This is due to the plugin not properly validating a user-supplied key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user’s passwords through the password reset functionality, including administrators, and leverage that to reset the user’s password and gain access to their account.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

This week in AI dev tools: A2A donated to Linux Foundation, OpenAI adds Deep Research to API, and more (June 27, 2025)

Microsoft’s Copilot+ has been here over a year and I still don’t care about it — but I do wish I had one of its features

SteelSeries’ latest wireless mouse is cheap and colorful — but is this the one to spend your money on?

DistroWatch Weekly, Issue 1128

Your Slack app is getting a big upgrade – here’s how to try the new AI features

How Code Feedback MCP Enhances AI-Generated Code Quality

How Code Feedback MCP Enhances AI-Generated Code Quality

PRSS Site Creator – Create Blogs and Websites from Your Desktop

Say hello to ECMAScript 2025

Microsoft’s Copilot+ has been here over a year and I still don’t care about it — but I do wish I had one of its features

Microsoft’s Copilot+ has been here over a year and I still don’t care about it — but I do wish I had one of its features

SteelSeries’ latest wireless mouse is cheap and colorful — but is this the one to spend your money on?

Microsoft confirms Windows 11 25H2, might make Windows more stable

CVE-2025-29690 – OA System Cross-Site Scripting (XSS)

Synology ABM Flaw (CVE-2025-4679) Leaks Global Client Secret, Exposing ALL Microsoft 365 Tenants

D-Link DIR-816 Router Alert: 6 Critical Flaws (CVSS 9.8) Allow Remote Code Execution, NO PATCHES

CVE-2025-4873 – PHPGurukul News Portal SQL Injection Vulnerability

Dell says Windows 11’s next-gen ARM PCs to improve external monitor support

CVE-2025-4587 – WordPress A/B Testing Stored Cross-Site Scripting

Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers

CVE-2025-5482 – Sunshine Photo Cart WordPress Privilege Escalation Vulnerability

CVE-2023-28902 – Skoda MIB3 Infotainment Unit Integer Underflow Denial-of-Service Vulnerability

CVE-2025-4111 – PHPGurukul Pre-School Enrollment System SQL Injection Vulnerability

Optimizing Website Design Widths for a Multi-Device World

CVE-2025-29690 – OA System Cross-Site Scripting (XSS)

Related Posts