CVE-2025-6563 – MikroTik RouterOS Cross-Site Scripting

July 3, 2025

CVE ID : CVE-2025-6563

Published : July 3, 2025, 12:15 p.m. | 2 hours, 41 minutes ago

Description : A cross-site scripting vulnerability is present in the hotspot of MikroTik’s RouterOS on versions below 7.19.2. An attacker can inject the `javascript` protocol in the `dst` parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to login, can also be converted to a GET request, allowing an attacker to send a specifically crafted URL that automatically logs in the victim (into the attacker’s account) and triggers the payload.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2537 – WordPress ThickBox Stored Cross-Site Scripting

Next Article CVE-2025-40722 – Flatboard Pro Stored XSS

Highlights

CVE-2025-8653 – Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability

August 6, 2025

CVE ID : CVE-2025-8653

Published : Aug. 6, 2025, 2:15 a.m. | 21 hours, 29 minutes ago

Description : Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the JKRadioService. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26312.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Ways Node.js Development Boosts AI & Real-Time Data (2025-2026 Edition)

Looking to Outsource React.js Development? Here’s What Top Agencies Are Doing Right

Beyond The Hype: What AI Can Really Do For Product Design

BrowserStack launches Chrome extension that bundles 10+ manual web testing tools

How much RAM does your Linux PC really need in 2025?

Have solar at home? Supercharge that investment with this other crucial component

I replaced my MacBook charger with this compact wall unit – and wish I’d done it sooner

5 reasons to switch to an immutable Linux distro today – and which to try first

Sentry Adds Logs Support for Laravel Apps

Sentry Adds Logs Support for Laravel Apps

Efficient Context Management with Laravel’s Remember Functions

Laravel Devtoolbox: Your Swiss Army Knife Artisan CLI

From plateau predictions to buggy rollouts — Bill Gates’ GPT-5 skepticism looks strangely accurate

From plateau predictions to buggy rollouts — Bill Gates’ GPT-5 skepticism looks strangely accurate

We gave OpenAI’s open-source AI a kid’s test — here’s what happened

With GTA 6, next-gen exclusives, and a console comeback on the horizon, Xbox risks sitting on the sidelines — here’s why

CVE-2025-6563 – MikroTik RouterOS Cross-Site Scripting

Workday Staff Fall to Social Engineering; Hackers Access Third-Party CRM Platform

Get Ready for the Black Hat USA 2025 CISO Podcast Series from The Cyber Express and Suraksha Catalyst

CVE-2025-5392 – “WordPress GB Forms DB Remote Code Execution”

CVE-2025-49791 – Apache HTTP Server Denial of Service

Apple Intelligence Foundation Language Models Tech Report 2025

Rilasciato Celluloid 0.29: Lettore Video Libero e Moderno per GNU/Linux

CVE-2025-8653 – Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability

CVE-2025-47951 – Weblate Second Factor OTP Guessing Vulnerability

EchoLeak Zero-Click AI Attack in Microsoft Copilot Exposes Company Data

How to Set Up GitHub CLI on WSL2

CVE-2025-6563 – MikroTik RouterOS Cross-Site Scripting

Related Posts