CVE-2025-5010 – MoonlightL Hexo-Boot Cross-Site Scripting Vulnerability

May 21, 2025

CVE ID : CVE-2025-5010

Published : May 21, 2025, 12:15 a.m. | 4 hours, 23 minutes ago

Description : A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This affects an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleUse Multi-Cursor in VS Code to Edit Multiple Lines Simultaneously

Next Article CVE-2025-5011 – MoonlightL Hexo-Boot Cross-Site Scripting Vulnerability

Highlights

CVE-2025-38231 – Linux Kernel NFSd NULL Pointer Dereference Vulnerability

July 4, 2025

CVE ID : CVE-2025-38231

Published : July 4, 2025, 2:15 p.m. | 4 hours, 57 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

nfsd: Initialize ssc before laundromat_work to prevent NULL dereference

In nfs4_state_start_net(), laundromat_work may access nfsd_ssc through
nfs4_laundromat -> nfsd4_ssc_expire_umount. If nfsd_ssc isn’t initialized,
this can cause NULL pointer dereference.

Normally the delayed start of laundromat_work allows sufficient time for
nfsd_ssc initialization to complete. However, when the kernel waits too
long for userspace responses (e.g. in nfs4_state_start_net ->
nfsd4_end_grace -> nfsd4_record_grace_done -> nfsd4_cld_grace_done ->
cld_pipe_upcall -> __cld_pipe_upcall -> wait_for_completion path), the
delayed work may start before nfsd_ssc initialization finishes.

Fix this by moving nfsd_ssc initialization before starting laundromat_work.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

I keep seeing people at events taking notes on E-Ink tablets — so I tried one to see what all the fuss is about

“A fantastic device for creative users” — this $550 discount on ASUS’s 3K OLED creator laptop disappears before Prime Day

Distribution Release: Rhino Linux 2025.3

Token System using PHP and MySQL

Token System using PHP and MySQL

Create React UI component with uncontrollable

Flaget – new small 5kB CLI argument parser

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

I keep seeing people at events taking notes on E-Ink tablets — so I tried one to see what all the fuss is about

Le notizie minori del mondo GNU/Linux e dintorni della settimana nr 27/2025

CVE-2025-5010 – MoonlightL Hexo-Boot Cross-Site Scripting Vulnerability

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

Microsft says Windows Hello no longer works in the dark, and it’s NOT a bug

CVE-2025-46574 – GoldenDB Information Disclosure

How to Clean Printer Queue in Windows 11: Easy Guide

CVE-2024-55567 – Insyde H2O UsbCoreDxe SMM Call Out Vulnerability

CVE-2025-38231 – Linux Kernel NFSd NULL Pointer Dereference Vulnerability

Google reveals Gemini 2.5 Flash, its ‘most cost-efficient thinking model’

How I Run JavaScript in VS Code

CVE-2025-3471 – “SureForms WordPress Plugin Unauthenticated Configuration Update”

CVE-2025-5010 – MoonlightL Hexo-Boot Cross-Site Scripting Vulnerability

Related Posts