CVE-2025-3970 – Baseweb JSite Cross-Site Scripting Vulnerability

April 27, 2025

CVE ID : CVE-2025-3970

Published : April 27, 2025, 1:15 p.m. | 1 hour, 49 minutes ago

Description : A vulnerability classified as problematic has been found in baseweb JSite up to 1.0. Affected is an unknown function of the file /sys/office/save. The manipulation of the argument Remarks leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3971 – PHPGurukul COVID19 Testing Management System SQL Injection Vulnerability

Next Article CVE-2025-3969 – Codeprojects News Publishing Site Dashboard Remote File Upload Vulnerability

Highlights

CVE-2025-3899 – Webserver Certificates Cross-site Scripting

June 10, 2025

CVE ID : CVE-2025-3899

Published : June 10, 2025, 9:15 a.m. | 29 minutes ago

Description : CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability
exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated
malicious user leading to modify or read data in a victim’s browser.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-3970 – Baseweb JSite Cross-Site Scripting Vulnerability

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Paragon Spyware used to Spy on European Journalists

Distribution Release: Fedora 42

Your Pixel Watch just got a new scam-busting feature – how to enable it

Fake AI Tools Used to Spread Noodlophile Malware, Targeting 62,000+ via Facebook Lures

IDMC – CDI Best Practices

CVE-2025-3899 – Webserver Certificates Cross-site Scripting

New Asus smartwatch first to measure both blood pressure and ECG

Top AI tools to leverage for business growth

CVE-2025-3898 – Apache Webserver Denial of Service Vulnerability

CVE-2025-3970 – Baseweb JSite Cross-Site Scripting Vulnerability

Related Posts