CVE-2025-32961 – Cuba JPA Cross-Site Scripting (XSS)

April 22, 2025

CVE ID : CVE-2025-32961

Published : April 22, 2025, 6:16 p.m. | 31 minutes ago

Description : The Cuba JPA web API enables loading and saving any entities defined in the application data model by sending simple HTTP requests. Prior to version 1.1.1, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. This issue has been patched in version 1.1.1. A workaround is provided on the Jmix documentation website.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-32963 – MinIO Operator STS Unauthenticated Kubernetes API Server Impersonation Vulnerability

Next Article CVE-2025-32960 – CUBA REST API Cross-Site Scripting (XSS)

Highlights

CVE-2025-1863 – Yokogawa Electric Corporation Paperless Recorders Authentication Bypass

April 22, 2025

CVE ID : CVE-2025-1863

Published : April 18, 2025, 6:15 a.m. | 4 days, 7 hours ago

Description : Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products. Therefore, when connected to a network with default settings, anyone can access all functions related to settings and operations. As a result, an attacker can illegally manipulate and configure important data such as measured values and settings.
This issue affects GX10 / GX20 / GP10 / GP20 Paperless Recorders: R5.04.01 or earlier; GM Data Acquisition System: R5.05.01 or earlier; DX1000 / DX2000 / DX1000N Paperless Recorders: R4.21 or earlier; FX1000 Paperless Recorders: R1.31 or earlier; μR10000 / μR20000 Chart Recorders: R1.51 or earlier; MW100 Data Acquisition Units: All versions; DX1000T / DX2000T Paperless Recorders: All versions; CX1000 / CX2000 Paperless Recorders: All versions.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

CodeSOD: A Real POS Report

Decoding The SVG path Element: Line Commands

Apple doesn’t need better AI as much as AI needs Apple to bring its A-game

DistroWatch Weekly, Issue 1125

Motion Highlights #9

The 2025 Wholesome Direct was chock-full of cozy casual games and aesthetic vibes

GuacPanel

GuacPanel

FilamentExamples.com: Our Demo-Projects and Tutorials on Filament

Laravel Migration With Schema Validation in MongoDB

Raspberry Pi 5 Desktop Mini PC: Installing Software

Raspberry Pi 5 Desktop Mini PC: Installing Software

SmartOS – Type 1 Hypervisor platform based on illumos

Karakeep is a self-hostable bookmark-everything app

CVE-2025-32961 – Cuba JPA Cross-Site Scripting (XSS)

Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions

Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU

Clair Obscur: Expedition 33 is an Xbox Game Pass triumph that expertly weaves two RPG genres together, and I’m into it

CVE-2025-5778 – “ABC Courier Management System SQL Injection Vulnerability”

Filament Is Now Running Natively on Mobile

Boson AI Introduces Higgs Audio Understanding and Higgs Audio Generation: An Advanced AI Solution with Real-Time Audio Reasoning and Expressive Speech Synthesis for Enterprise Applications

CVE-2025-1863 – Yokogawa Electric Corporation Paperless Recorders Authentication Bypass

CVE-2025-26844 – Znuny Cookie Without HttpOnly Flag Vulnerability

Talk to more users sooner

Cisco’s Latest AI Agents Report Details the Transformative Impact of Agentic AI on Customer Experience

CVE-2025-32961 – Cuba JPA Cross-Site Scripting (XSS)

Related Posts