CVE-2025-5523 – Enilu Web-Flash Cross-Site Scripting Vulnerability

June 3, 2025

CVE ID : CVE-2025-5523

Published : June 3, 2025, 8:15 p.m. | 1 hour, 30 minutes ago

Description : A vulnerability classified as problematic has been found in enilu web-flash 1.0. This affects the function fileService.upload of the file src/main/java/cn/enilu/flash/api/controller/FileController/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5525 – “Jrohy Trojan LogChan os Command Injection Vulnerability”

Next Article CVE-2025-35036 – Apache Hibernate Expression Language Injection Vulnerability

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

In MCP era API discoverability is now more important than ever

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Reddit wants to sue Anthropic for stealing its data, but the Claude AI manufacturers vow to “defend ourselves vigorously”

Satya Nadella says Microsoft makes money every time you use ChatGPT: “Every day that ChatGPT succeeds is a fantastic day”

Multiple reports suggest a Persona 4 Remake from Atlus will be announced during the Xbox Games Showcase

TC39 advances numerous proposals at latest meeting

TC39 advances numerous proposals at latest meeting

TypeBridge – zero ceremony, compile time rpc for client and server com

Simplify Cloud-Native Development with Quarkus Extensions

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Reddit wants to sue Anthropic for stealing its data, but the Claude AI manufacturers vow to “defend ourselves vigorously”

Satya Nadella says Microsoft makes money every time you use ChatGPT: “Every day that ChatGPT succeeds is a fantastic day”

CVE-2025-5523 – Enilu Web-Flash Cross-Site Scripting Vulnerability

Leadership, Trust, and Cyber Hygiene: NCSC’s Guide to Security Culture in Action

CVE-2025-4318 Critical RCE in AWS Amplify Codegen UI

Google to Simplify Chrome browser Security Settings Interface for Better User Experience

South African Airways Suffers Cyberattack, Systems Restored Same Day

Microsoft Edge 136 revamps many of the browser’s sections

Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721

CVE-2024-36340 – AMD uProf File Deletion/Disclosure Junction Point Vulnerability

Galileo Introduces Luna: An Evaluation Foundation Model to Catch Language Model Hallucinations with High Accuracy and Low Cost

AI in Marketing: Fueling Data-Driven Campaigns & Uncovering Customer Insights📊

I play ROG Ally handhelds connected to my TV like a console, and it’s easy to set up

CVE-2025-5523 – Enilu Web-Flash Cross-Site Scripting Vulnerability

Related Posts