CVE-2025-4075 – VMSMan Cross Site Scripting Vulnerability

April 29, 2025

CVE ID : CVE-2025-4075

Published : April 29, 2025, 6:15 p.m. | 52 minutes ago

Description : A vulnerability was found in VMSMan up to 20250416. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Email with the input “> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4076 – LB-LINK BL-AC3600 Password Handler Command Injection Vulnerability

Next Article CVE-2025-4074 – PHPGurukul Curfew e-Pass Management System SQL Injection Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-4075 – VMSMan Cross Site Scripting Vulnerability

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Apple Patches Flaw Exploited in Zero-click Paragon Spyware Attacks

Samsung Researchers Introduced ANSE (Active Noise Selection for Generation): A Model-Aware Framework for Improving Text-to-Video Diffusion Models through Attention-Based Uncertainty Estimation

AI, Data Protection, and Governance: Key Pillars for the Future of Business

Your car’s USB port is seriously underrated: 5 features you’re not using enough

CVE-2025-43546 – Oracle Bridge Integer Underflow Vulnerability

Protect sensitive data in RAG applications with Amazon Bedrock

Django Crash Course for Beginners

CVE-2025-47940 – TYPO3 Privileged Access Escalation Vulnerability

How to Build a Lean Security Model: 5 Lessons from River Island

CVE-2025-4075 – VMSMan Cross Site Scripting Vulnerability

Related Posts