CVE-2025-49130 – Laravel Translation Manager Stored Cross-Site Scripting Vulnerability

June 9, 2025

CVE ID : CVE-2025-49130

Published : June 9, 2025, 1:15 p.m. | 2 hours, 25 minutes ago

Description : Laravel Translation Manager is a package to manage Laravel translation files. Prior to version 0.6.8, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user’s browser, allowing them to steal sensitive data, hijack user sessions, or conduct other malicious activities. Only authenticated users with access to the translation manager are impacted. The issue is fixed in version 0.6.8.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48053 – Discourse Bot URL Availability Denial

Next Article CVE-2025-49006 – Keycloak Wasp OAuth Authentication ID Case Sensitivity Vulnerability

Highlights

CVE-2025-46633 – Tenda RX2 Pro Information Leak

May 1, 2025

CVE ID : CVE-2025-46633

Published : May 1, 2025, 8:15 p.m. | 3 hours, 12 minutes ago

Description : Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server by collecting the symmetric AES key from collected and/or observed traffic. The AES key in sent in cleartext in response to successful authentication. The IV is always EU5H62G9ICGRNI43.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing Better UX For Left-Handed People

This week in AI dev tools: Gemini 2.5 Flash-Lite, GitLab Duo Agent Platform beta, and more (July 25, 2025)

Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

Trump’s AI plan says a lot about open source – but here’s what it leaves out

Google’s new Search mode puts classic results back on top – how to access it

These AR swim goggles I tested have all the relevant metrics (and no subscription)

Google’s new AI tool Opal turns prompts into apps, no coding required

Laravel Scoped Route Binding for Nested Resource Management

Laravel Scoped Route Binding for Nested Resource Management

Add Reactions Functionality to Your App With Laravel Reactions

saasykit/laravel-open-graphy

Sam Altman won’t trust ChatGPT with his “medical fate” unless a doctor is involved — “Maybe I’m a dinosaur here”

Sam Altman won’t trust ChatGPT with his “medical fate” unless a doctor is involved — “Maybe I’m a dinosaur here”

“It deleted our production database without permission”: Bill Gates called it — coding is too complex to replace software engineers with AI

Top 6 new features and changes coming to Windows 11 in August 2025 — from AI agents to redesigned BSOD screens

CVE-2025-49130 – Laravel Translation Manager Stored Cross-Site Scripting Vulnerability

Rogue CAPTCHAs: Look out for phony verification pages spreading malware

ToolShell: An all-you-can-eat buffet for threat actors

NVIDIA confirms final driver support for GTX 900 and 1000 series cards

How to Keep Up With New CSS Features

This Xbox Cloud Gaming feature is finally making the jump from PC to consoles

Are Subscriptions Trying to Trick You with Their Pricing?

CVE-2025-46633 – Tenda RX2 Pro Information Leak

How AI Agents Store, Forget, and Retrieve? A Fresh Look at Memory Operations for the Next-Gen LLMs

Arch Linux approda ufficialmente su Windows Subsystem for Linux

CVE-2023-42404 – OneVision Workspace Java EL Injection

CVE-2025-49130 – Laravel Translation Manager Stored Cross-Site Scripting Vulnerability

Related Posts