CVE-2025-3117 – Apache Configuration File Cross-site Scripting (XSS)

June 10, 2025

CVE ID : CVE-2025-3117

Published : June 10, 2025, 9:15 a.m. | 29 minutes ago

Description : CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability
exists impacting configuration file paths that could cause an unvalidated data injected by authenticated
malicious user leading to modify or read data in a victim’s browser.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3116 – Apache HTTP Server SSL/TLS Denial of Service Vulnerability

Next Article CVE-2025-3112 – Apache Webserver Resource Exhaustion Denial of Service

Highlights

CVE-2025-48795 – Apache CXF Unencrypted Temporary File Log Exposure Denial of Service

July 15, 2025

CVE ID : CVE-2025-48795

Published : July 15, 2025, 3:15 p.m. | 1 hour, 19 minutes ago

Description : Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory exception. In addition, it is possible to configure CXF to encrypt temporary files to prevent sensitive credentials from being cached unencrypted on the local filesystem, however this bug means that the cached files are written out to logs unencrypted.

Users are recommended to upgrade to versions 3.5.11, 3.6.6, 4.0.7 or 4.1.1, which fixes this issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Functionally, a Date

Creating Elastic And Bounce Effects With Expressive Animator

Microsoft shares Insiders preview of Visual Studio 2026

From Data To Decisions: UX Strategies For Real-Time Dashboards

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Can I use React Server Components (RSCs) today?

Can I use React Server Components (RSCs) today?

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Sarah McDowell Helps Clients Build a Strong AI Foundation Through Salesforce

I Ran Local LLMs on My Android Phone

I Ran Local LLMs on My Android Phone

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

CVE-2025-3117 – Apache Configuration File Cross-site Scripting (XSS)

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Ubuntu 25.10 to Include New Image Viewer, Terminal Apps

CVE-2025-39367 – SeventhQueen Kleo Missing Authorization Vulnerability

Innovate business logic by implementing return of control in Amazon Bedrock Agents

Apache Tomcat Coyote Vulnerability Let Attackers Trigger DoS Attack

CVE-2025-48795 – Apache CXF Unencrypted Temporary File Log Exposure Denial of Service

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

CVE-2025-8342 – WooCommerce OTP Login With Phone Number Authentication Bypass Vulnerability

CVE-2025-6139 – TOTOLINK T10 Hard-Coded Password Vulnerability

CVE-2025-3117 – Apache Configuration File Cross-site Scripting (XSS)

Related Posts