CVE-2025-5523 – Enilu Web-Flash Cross-Site Scripting Vulnerability

June 3, 2025

CVE ID : CVE-2025-5523

Published : June 3, 2025, 8:15 p.m. | 1 hour, 30 minutes ago

Description : A vulnerability classified as problematic has been found in enilu web-flash 1.0. This affects the function fileService.upload of the file src/main/java/cn/enilu/flash/api/controller/FileController/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5525 – “Jrohy Trojan LogChan os Command Injection Vulnerability”

Next Article CVE-2025-35036 – Apache Hibernate Expression Language Injection Vulnerability

Highlights

CVE-2025-3458 – WordPress Ocean Extra Stored Cross-Site Scripting Vulnerability

April 22, 2025

CVE ID : CVE-2025-3458

Published : April 22, 2025, 12:15 p.m. | 2 hours, 22 minutes ago

Description : The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ocean_gallery_id’ parameter in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The Classic Editor plugin must be installed and activated to exploit the vulnerability.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

I finally gave NotebookLM my full attention – and it really is a total game changer

Google Chrome for iOS now lets you switch between personal and work accounts

How the Trump administration changed AI: A timeline

Download your photos before AT&T shuts down its cloud storage service permanently

Laravel Live Denmark

Laravel Live Denmark

The July 2025 Laravel Worldwide Meetup is Today

Livewire Security Vulnerability

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Halo and Half-Life combine in wild new mod, bringing two of my favorite games together in one — here’s how to play, and how it works

Surprise! The iconic Roblox ‘oof’ sound is back — the beloved meme makes “a comeback so good it hurts” after three years of licensing issues

CVE-2025-5523 – Enilu Web-Flash Cross-Site Scripting Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

Step-by-Step Guide to Build a Customizable Multi-Tool AI Agent with LangGraph and Claude for Dynamic Agent Creation

This beastly 500W charger replaced every other charger I had – with six ports to boot

CVE-2025-49840 – GPT-SoVITS-WebUI Deserialization Vulnerability

Mirai Botnet Actively Exploiting GeoVision IoT Devices Command Injection Vulnerabilities

CVE-2025-3458 – WordPress Ocean Extra Stored Cross-Site Scripting Vulnerability

Best early Prime Day TV deals: My 17 favorite sales live now

CVE-2025-7144 – SourceCodester Best Salon Management System Cross-Site Scripting Vulnerability

Terraform State Management: Understanding and Best Practices

CVE-2025-5523 – Enilu Web-Flash Cross-Site Scripting Vulnerability

Related Posts