CVE-2025-32019 – Harbor Cross-Site Scripting (XSS) Vulnerability

July 23, 2025

CVE ID : CVE-2025-32019

Published : July 23, 2025, 9:15 p.m. | 1 hour, 50 minutes ago

Description : Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain a vulnerability where the markdown field in the info tab page can be exploited to inject XSS code. This is fixed in versions 2.11.3 and 2.12.3.

Severity: 4.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47281 – Kyverno JMESPath Variable Substitution Denial of Service

Next Article CVE-2025-8058 – “GNU C Library Regcomp Double Free Vulnerability”

Highlights

CVE-2024-5962 – WSO2 WSO2 Reflected Cross-Site Scripting (XSS) Vulnerability

May 22, 2025

CVE ID : CVE-2024-5962

Published : May 22, 2025, 8:15 p.m. | 30 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the authentication flow, potentially leading to UI modifications, redirections to malicious websites, or data exfiltration from the browser.

While this issue could allow an attacker to manipulate the user’s browser, session-related sensitive cookies remain protected with the httpOnly flag, preventing session hijacking.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing Better UX For Left-Handed People

This week in AI dev tools: Gemini 2.5 Flash-Lite, GitLab Duo Agent Platform beta, and more (July 25, 2025)

Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

I ran with the Apple Watch and Samsung Watch 8 – here’s the better AI coach

8 smart home gadgets that instantly upgraded my house (and why they work)

I tested Panasonic’s new affordable LED TV model – here’s my brutally honest buying advice

OpenAI teases imminent GPT-5 launch. Here’s what to expect

NativePHP Is Entering Its Next Phase

NativePHP Is Entering Its Next Phase

Medical Card Generator Android App Project Using SQLite

The details of TC39’s last meeting

Elden Ring Nightreign’s Patch 1.02 update next week is adding a feature we’ve all been waiting for since launch — and another I’ve been begging for, too

Elden Ring Nightreign’s Patch 1.02 update next week is adding a feature we’ve all been waiting for since launch — and another I’ve been begging for, too

The next time you look at Microsoft Copilot, it may look back — but who asked for this?

5 Open Source Apps You Can use for Seamless File Transfer Between Linux and Android

CVE-2025-32019 – Harbor Cross-Site Scripting (XSS) Vulnerability

SharePoint under fire: ToolShell attacks hit organizations worldwide

Rogue CAPTCHAs: Look out for phony verification pages spreading malware

Unlocking Business Intelligence with Multi-Modal AI Development Services🔍

Some of Call of Duty: Warzone’s biggest players use this weapon optic, so I tried it — it totally changed the game

CVE-2025-4586 – WordPress IRM Newsroom Plugin Stored Cross-Site Scripting

I changed 10 settings on my Fire TV for better performance and fewer distractions

CVE-2024-5962 – WSO2 WSO2 Reflected Cross-Site Scripting (XSS) Vulnerability

CVE-2025-43008 – Microsoft SharePoint Information Disclosure Vulnerability

Rilasciato Amarok 3.3: Il Lettore Musicale Open Source Ora Completamente Portato su Qt 6

Orthodontist Orange County

CVE-2025-32019 – Harbor Cross-Site Scripting (XSS) Vulnerability

Related Posts