CVE-2025-2703 – “Jira XY Chart Plugin DOM XSS”

April 23, 2025

CVE ID : CVE-2025-2703

Published : April 23, 2025, 12:15 p.m. | 2 hours, 43 minutes ago

Description : The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability.

A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.

Severity: 6.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-43716 – Ivanti LANDesk Management Gateway Directory Traversal Vulnerability

Next Article CVE-2025-42605 – Meon Bidding Solutions Remote Authorization Bypass Vulnerability

Highlights

CVE-2013-10055 – Havalite CMS Unauthenticated Remote Code Execution File Upload Vulnerability

August 1, 2025

CVE ID : CVE-2013-10055

Published : Aug. 1, 2025, 9:15 p.m. | 2 hours, 19 minutes ago

Description : An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attackers to upload malicious PHP files via a crafted multipart/form-data POST request. Once uploaded, the attacker can access the file directly under havalite/tmp/files/, resulting in remote code execution.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

‘Job Hugging’ Trend Emerges as Workers Confront AI Uncertainty

Distribution Release: MocaccinoOS 25.09

Composition in CSS

DataCrunch raises €55M to boost EU AI sovereignty with green cloud infrastructure

Finally, safe array methods in JavaScript

Finally, safe array methods in JavaScript

Perficient Interviewed for Forrester Report on AI’s Transformative Role in DXPs

Perficient’s “What If? So What?” Podcast Wins Gold Stevie® Award for Technology Podcast

Distribution Release: MocaccinoOS 25.09

Distribution Release: MocaccinoOS 25.09

Speed Isn’t Everything When Buying SSDs – Here’s What Really Matters!

14 Themes for Beautifying Your Ghostty Terminal

CVE-2025-2703 – “Jira XY Chart Plugin DOM XSS”

Qantas Airways Slashes CEO Bonus After Cyberattack Exposes 5.7 Million Customers

UAE Cyber Security Council Flags 70% Smart Home Devices as Vulnerable

I decided to change which sites appear first in Google Search — and it works on Chrome, Edge, or Firefox

CVE-2025-23123 – UBTech UniFi Protect Camera Remote Code Execution Vulnerability

BlackSuit Ransomware’s Infrastructure Dismantled; Crypto Worth $1M Seized

DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics

CVE-2013-10055 – Havalite CMS Unauthenticated Remote Code Execution File Upload Vulnerability

CVE-2025-6497 – “HTACG Tidy-html5 Assertion Vulnerability”

Implement prescription validation using Amazon Bedrock and Amazon DynamoDB

Looking for an Ubuntu Manual? Try This Book

CVE-2025-2703 – “Jira XY Chart Plugin DOM XSS”

Related Posts