CVE-2025-1420 – Konsola Proget Stored Cross-Site Scripting Vulnerability

May 21, 2025

CVE ID : CVE-2025-1420

Published : May 21, 2025, 1:16 p.m. | 1 hour, 34 minutes ago

Description : Input provided in a field containing “activationMessage” in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack.

This issue has been fixed in 2.17.5 version of Konsola Proget (server part of the MDM suite).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1421 – Konsola Proget Remote Code Execution Vulnerability

Next Article CVE-2025-1419 – Konsola Proget Stored Cross-Site Scripting Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Sam Altman says ChatGPT’s viral Ghibli effect “forced OpenAI to do a lot of unnatural things”

How to get started with Microsoft Copilot on Windows 11

Microsoft blocks employees from sending emails that mention “Palestine” or “Gaza”

I missed out on the Clair Obscur: Expedition 33 Collector’s Edition but thankfully, the developers are launching something special

Perficient is Shaping the Future of Salesforce Innovation

Perficient is Shaping the Future of Salesforce Innovation

Opal – Optimizely’s AI-Powered Marketing Assistant

Content Compliance Without the Chaos: How Optimizely CMP Empowers Financial Services Marketers

Sam Altman says ChatGPT’s viral Ghibli effect “forced OpenAI to do a lot of unnatural things”

Sam Altman says ChatGPT’s viral Ghibli effect “forced OpenAI to do a lot of unnatural things”

How to get started with Microsoft Copilot on Windows 11

Microsoft blocks employees from sending emails that mention “Palestine” or “Gaza”

CVE-2025-1420 – Konsola Proget Stored Cross-Site Scripting Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-2394 – Ecovacs Home Android and iOS Mobile Apps Stored XSS Vulnerability

CVE-2025-36560 – A-Blog CMS SSRF Vulnerability

Beyond Chatbots: Why Conversational AI is the Future of Business?

CVE-2025-46816 – “goshs Command Injection Vulnerability”

Scotland launches DeepTech AI to nurture postgraduate founders

JMeter on AWS: An Introduction to Scalable Load Testing

A Coding Guide to Build an Agentic AI‑Powered Asynchronous Ticketing Assistant Using PydanticAI Agents, Pydantic v2, and SQLite Database

CVE-2025-4594 – WordPress Tournamatch Stored Cross-Site Scripting Vulnerability

Australia’s 2025 Federal Election: EIAT Highlights Key Threats to Electoral Integrity

CVE-2025-1420 – Konsola Proget Stored Cross-Site Scripting Vulnerability

Related Posts