CVE-2025-40729 – Apache Customer Support System Reflected Cross-Site Scripting (XSS)

June 16, 2025

CVE ID : CVE-2025-40729

Published : June 16, 2025, 9:15 a.m. | 1 hour, 4 minutes ago

Description : Reflected Cross-Site Scripting (XSS) in /customer_support/index.php in Customer Support System v1.0, which allows remote attackers to execute arbitrary code via the page parameter.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6114 – D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

Next Article CVE-2025-40728 – Customer Support System SQL Injection

Highlights

CVE-2025-47947 – ModSecurity Denial of Service Vulnerability

May 21, 2025

CVE ID : CVE-2025-47947

Published : May 21, 2025, 10:15 p.m. | 35 minutes ago

Description : ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions up to and including 2.9.8 are vulnerable to denial of service in one special case (in stable released versions): when the payload’s content type is `application/json`, and there is at least one rule which does a `sanitiseMatchedBytes` action. A patch is available at pull request 3389 and expected to be part of version 2.9.9. No known workarounds are available.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

These jobs face the highest risk of AI takeover, according to Microsoft

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

5 ways to successfully integrate AI agents into your workplace

Enhancing Laravel Queries with Reusable Scope Patterns

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

Everything We Know About Livewire 4

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

Sam Altman is afraid of OpenAI’s GPT-5 creation — “The Manhattan Project feels very fast, like there are no adults in the room”

9 new features that arrived on the Windows 11 Insider Program during the second half of July 2025

CVE-2025-40729 – Apache Customer Support System Reflected Cross-Site Scripting (XSS)

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

Can AI Replace Web Developers: A Practical Look at Current Tools and Limitations

How Nippon India Mutual Fund improved the accuracy of AI assistant responses using advanced RAG methods on Amazon Bedrock

Microsoft urges Windows driver developers to use Rust, here’s why

CVE-2025-6505 – Progress Software’s Hybrid Data Pipeline Server OAuth Client Impersonation and Unauthorized Access Vulnerability

CVE-2025-47947 – ModSecurity Denial of Service Vulnerability

CVE-2025-46720 – Keystone Node.js Oracle Filter Bypass

Benchmarking the Banana Pi BPI-F3 Single Board Computer

CVE-2025-48416 – OpenSSH Root Login Hard-Coded Credential Disclosure

CVE-2025-40729 – Apache Customer Support System Reflected Cross-Site Scripting (XSS)

Related Posts