CVE-2025-46253 – Ataur GutenKit Stored Cross-site Scripting (XSS)

April 22, 2025

CVE ID : CVE-2025-46253

Published : April 22, 2025, 10:15 a.m. | 58 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Ataur R GutenKit allows Stored XSS. This issue affects GutenKit: from n/a through 2.2.2.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46254 – Visual Composer Cross-Site Scripting (XSS)

Next Article CVE-2025-46252 – Contact Form 7 SQL Injection Vulnerability

Highlights

CVE-2025-4821 – Cloudflare Quiche Congestion Window Overflow

June 18, 2025

CVE ID : CVE-2025-4821

Published : June 18, 2025, 4:15 p.m. | 45 minutes ago

Description : Impact

Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support.

An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim’s congestion control state by sending ACK frames covering a large range of packet numbers (including packet numbers that had never been sent); see RFC 9000 Section 19.3. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support. In extreme cases, the window might grow beyond the limit of the internal variable’s type, leading to an overflow panic.

Patches

quiche 0.24.4 is the earliest version containing the fix for this issue.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

From Data To Decisions: UX Strategies For Real-Time Dashboards

Honeycomb launches AI observability suite for developers

Low-Code vs No-Code Platforms for Node.js: What CTOs Must Know Before Investing

ServiceNow unveils Zurich AI platform

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Distribution Release: Q4OS 6.1

Learning from PHP Log to File Example

Learning from PHP Log to File Example

Online EMI Calculator using PHP – Calculate Loan EMI, Interest, and Amortization Schedule

Package efficiency and dependency hygiene

Dmitry — The Deep Magic

Dmitry — The Deep Magic

Right way to record and share our Terminal sessions

Windows 11 Powers Up WSL: How GPU Acceleration & Kernel Upgrades Change the Game

CVE-2025-46253 – Ataur GutenKit Stored Cross-site Scripting (XSS)

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Student Insider Threats Driving Surge in UK School Data Breaches, ICO Warns

Xbox waited a year for Black Myth: Wukong — but at least it’s getting 45 more achievements than PS5. (Petty? Maybe. Worth it? Definitely.)

PUBLOAD and Pubshell Malware Used in Mustang Panda’s Tibet-Specific Attack

CVE-2024-22351 – IBM InfoSphere Information Server Authentication Session Impersonation

CVE-2025-54585 – GitProxy Branch Creation ByPass Vulnerability

CVE-2025-4821 – Cloudflare Quiche Congestion Window Overflow

CVE-2025-6862 – SourceCodester Best Salon Management System SQL Injection Vulnerability

The Secret Defense Strategy of Four Critical Industries Combating Advanced Cyber Threats

Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp

CVE-2025-46253 – Ataur GutenKit Stored Cross-site Scripting (XSS)

Related Posts