CVE-2025-5007 – Part-DB Profile Picture Feature Cross-Site Scripting

May 20, 2025

CVE ID : CVE-2025-5007

Published : May 20, 2025, 11:15 p.m. | 18 minutes ago

Description : A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected by this vulnerability is the function handleUpload of the file src/Services/Attachments/AttachmentSubmitHandler.php of the component Profile Picture Feature. The manipulation of the argument attachment leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.17.1 is able to address this issue. The identifier of the patch is 2c4f44e808500db19c391159b30cb6142896d415. It is recommended to upgrade the affected component.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5004 – “Projectworlds Online Time Table Generator SQL Injection Vulnerability”

Next Article CVE-2025-4436 – Apache HTTP Server Remote Code Execution

The Double-Edged Sustainability Sword Of AI In Web Design

Top 12 Reasons Enterprises Choose Node.js Development Services for Scalable Growth

GitHub’s coding agent can now be launched from anywhere on platform using new Agents panel

Stop writing tests: Automate fully with Generative AI

I’m a diehard Pixel fan, but I’m not upgrading to the Pixel 10. Here’s why

Google Pixel Watch 4 vs. Samsung Galaxy Watch 8: I compared the two best Androids, and here’s the winner

Get a free Amazon gift card up to $300 when you preorder a new Google Pixel 10 phone – here’s how

Everything announced at Made by Google 2025: Pixel 10 Pro, Fold, Watch 4, and more

Copy Errors as Markdown to Share With AI in Laravel 12.25

Copy Errors as Markdown to Share With AI in Laravel 12.25

Deconstructing the Request Lifecycle in Sitecore Headless – Part 2: SSG and ISR Modes in Next.js

Susan Etlinger, AI Analyst and Industry Watcher on Building Trust

TerraMaster D1 SSD Plus Review: Experience a Faster External SSD

TerraMaster D1 SSD Plus Review: Experience a Faster External SSD

Microsoft is investigating Windows 11 KB5063878 SSD data corruption/failure issue

Microsoft Surface Won’t Turn On: 6 Tested Solutions to Fix

CVE-2025-5007 – Part-DB Profile Picture Feature Cross-Site Scripting

DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks

He Hacked McDonald’s for Free Nuggets — What He Found Was Far More Dangerous

Commvault Updates Security Advisory After Nation-State Threat Actor Activity in Azure

Distribution Release: Ultramarine 41

CVE-2025-20216 – Cisco Catalyst SD-WAN Manager Cross-Site Scripting (XSS)

CVE-2025-38151 – Linux Kernel RDMA cma: Work Queue Corruption Vulnerability

RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248)

Write more reliable JavaScript with optional chaining

SoftBank dethroned Microsoft as OpenAI’s largest investor, pushing the ChatGPT maker’s market cap to $300 billion — but reportedly buried itself in debt

CVE-2025-5225 – Campcodes Advanced Online Voting System SQL Injection Vulnerability

CVE-2025-5007 – Part-DB Profile Picture Feature Cross-Site Scripting

Related Posts