CVE-2025-46237 – Yannick Lefebvre Link Library Cross-site Scripting

April 22, 2025

CVE ID : CVE-2025-46237

Published : April 22, 2025, 10:15 a.m. | 58 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Yannick Lefebvre Link Library allows Stored XSS. This issue affects Link Library: from n/a through 7.8.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46242 – Watu Quiz SQL Injection

Next Article CVE-2025-46240 – Simple Download Counter Stored Cross-site Scripting

Highlights

CVE-2025-58163 – FreeScout Remote Code Execution Vulnerability

September 2, 2025

CVE ID : CVE-2025-58163

Published : Sept. 3, 2025, 2:15 a.m. | 29 minutes ago

Description : FreeScout is a free help desk and shared inbox built with PHP’s Laravel framework. In versions 1.8.185 and below, the application performs deserialization of data that can allow authenticated attackers with knowledge of the application’s APP_KEY to achieve remote code execution. The vulnerability can be exploited via endpoint: `/help/{mailbox_id}/auth/{customer_id}/{hash}/{timestamp}` where the `customer_id` and `timestamp` parameters are processed through the decrypt function in `app/Helper.php` without proper validation. The vulnerable code performs decryption using Laravel’s built-in encryption functions, which subsequently deserializes the decrypted payload without sanitization. This is fixed in version 1.8.186.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

‘Job Hugging’ Trend Emerges as Workers Confront AI Uncertainty

Distribution Release: MocaccinoOS 25.09

Composition in CSS

DataCrunch raises €55M to boost EU AI sovereignty with green cloud infrastructure

Finally, safe array methods in JavaScript

Finally, safe array methods in JavaScript

Perficient Interviewed for Forrester Report on AI’s Transformative Role in DXPs

Perficient’s “What If? So What?” Podcast Wins Gold Stevie® Award for Technology Podcast

Distribution Release: MocaccinoOS 25.09

Distribution Release: MocaccinoOS 25.09

Speed Isn’t Everything When Buying SSDs – Here’s What Really Matters!

14 Themes for Beautifying Your Ghostty Terminal

CVE-2025-46237 – Yannick Lefebvre Link Library Cross-site Scripting

Qantas Airways Slashes CEO Bonus After Cyberattack Exposes 5.7 Million Customers

UAE Cyber Security Council Flags 70% Smart Home Devices as Vulnerable

CVE-2025-9688 – Mupen64Plus Remote Integer Overflow Vulnerability

CVE-2025-5387 – JeeWMS File Handler Improper Access Controls Remote Vulnerability

DOGE BIG BALLS Campaign Blurs Lines Between Exploitation, Recon, and Reputation Damage

CodeSOD: Unnavigable

CVE-2025-58163 – FreeScout Remote Code Execution Vulnerability

Researchers Details macOS Remote Code Execution Vulnerability – CVE-2024-44236

MIT Learn offers “a whole new front door to the Institute”

Dashlane ends free subscriptions – you have one month to upgrade or switch

CVE-2025-46237 – Yannick Lefebvre Link Library Cross-site Scripting

Related Posts