CVE-2025-5198 – Stackrox XSS Vulnerability in Role Object Name

May 27, 2025

CVE ID : CVE-2025-5198

Published : May 27, 2025, 9:15 p.m. | 3 hours, 44 minutes ago

Description : A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting (XSS) if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object* that is applied to a secured cluster. This object can be used by a user with access to the cluster or through a compromised third-party product.

Severity: 5.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5279 – Amazon Redshift Python Connector AzureOAuth2CredentialsProvider SSL Certificate Validation Bypass

Next Article CVE-2025-5067 – Inappropriate implementation in Tab Strip in Googl

Highlights

CVE-2025-1732 – “Fortinet USG FLEX H Series Privilege Escalation Vulnerability”

April 22, 2025

CVE ID : CVE-2025-1732

Published : April 22, 2025, 3:15 a.m. | 3 hours, 55 minutes ago

Description : An improper privilege management vulnerability in the recovery function of the USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.

Severity: 6.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

In-House vs. Outsource Node.js Development Teams: 9 Key Differences for the C-Suite (2025)

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

DistroWatch Weekly, Issue 1131

I ditched my Bluetooth speakers for this slick turntable – and it’s more practical than I thought

This split keyboard offers deep customization – if you’re willing to go all in

I spoke with an AI version of myself, thanks to Hume’s free tool – how to try it

The details of TC39’s last meeting

The details of TC39’s last meeting

Simple wrapper for Chrome’s built-in local LLM (Gemini Nano)

Online Examination System using PHP and MySQL

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

WhatsApp for Windows 11 is switching back to Chromium web wrapper from UWP/native

DistroWatch Weekly, Issue 1131

CVE-2025-5198 – Stackrox XSS Vulnerability in Role Object Name

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks

How to Make IT Operations More Efficient with AIOps: Build Smarter, Faster Systems

Representative Line: What the FFFFFFFF

CVE-2024-24780 – Apache IoTDB Untrusted URI Remote Code Execution Vulnerability

CVE-2025-1732 – “Fortinet USG FLEX H Series Privilege Escalation Vulnerability”

Smarter Decisions Ahead: Predictive Analytics for Sales Forecasting & Inventory Mastery📈

Is James Bond 007 First Light on Xbox?

CVE-2025-38172 – “Linux EROFS UAF Vulnerability”

CVE-2025-5198 – Stackrox XSS Vulnerability in Role Object Name

Related Posts