CVE-2025-51629 – Eccobook PdfViewer XSS

August 7, 2025

CVE ID : CVE-2025-51629

Published : Aug. 7, 2025, 6:15 p.m. | 5 hours, 55 minutes ago

Description : A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Temp parameter.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-8697 – AgentUniverse MCPSessionManager/MCPTool/MCPToolkit Os Command Injection Vulnerability

Next Article CVE-2023-41532 – Medicore Hospital Management System SQL Injection

Highlights

CVE-2025-46559 – Misskey AiScript Cross-Site Request Forgery (CSRF)

May 5, 2025

CVE ID : CVE-2025-46559

Published : May 5, 2025, 7:15 p.m. | 18 minutes ago

Description : Misskey is an open source, federated social media platform. Starting in version 12.31.0 and prior to version 2025.4.1, missing validation in `Mk:api` allows malicious AiScript code to access additional endpoints that it isn’t designed to have access to. The missing validation allows malicious AiScript code to prefix a URL with `../` to step out of the `/api` directory, thereby being able to make requests to other endpoints, such as `/files`, `/url`, and `/proxy`. Version 2025.4.1 fixes the issue.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

@ts-ignore is almost always the worst option

@ts-ignore is almost always the worst option

MutativeJS v1.3.0 is out with massive performance gains

Student Performance Prediction System using Python Machine Learning (ML)

DistroWatch Weekly, Issue 1140

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Hyprland Made Easy: Preconfigured Beautiful Distros

CVE-2025-51629 – Eccobook PdfViewer XSS

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Microsoft Limits Free “onmicrosoft” Email Domains to Stop Spam

Comparing Tauri and Electron

CodeSOD: Back Up for a Moment

Over 1,200 Citrix servers unpatched against critical auth bypass flaw

CVE-2025-46559 – Misskey AiScript Cross-Site Request Forgery (CSRF)

Multiple Schneider Electric Vulnerabilities Let Attackers Inject OS Commands

GitHub found 39M secret leaks in 2024. Here’s what we’re doing to help

CVE-2025-45065 – “Employee Record Management System in PHP and MySQL SQL Injection Vulnerability”

CVE-2025-51629 – Eccobook PdfViewer XSS

Related Posts