CVE-2025-35996 – KUNBUS PiCtory Stored Cross-Site Scripting (XSS)

May 1, 2025

CVE ID : CVE-2025-35996

Published : May 1, 2025, 7:15 p.m. | 53 minutes ago

Description : KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename is later transmitted to the client in order to show a list of configuration files. Due to a missing escape or sanitization, the filename could be executed as HTML script tag resulting in a cross-site-scripting attack.

Severity: 9.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-36521 – MicroDicom DICOM Viewer Out-of-Bounds Read Vulnerability

Next Article CVE-2025-24522 – KUNBUS Revolution Pi Node-RED Remote Command Execution

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Microsoft Bing is stealing tens of millions of Google’s search users according to the latest data

Microsoft could bring Elon Musk’s Grok AI model to Azure — Cozying up with OpenAI’s arch-nemesis xAI for its AI Foundry

Grand Theft Auto 6 has been DELAYED — will now miss 2025 launch window entirely

Satya Nadella says Microsoft’s AI model performance is “doubling every 6 months”, despite the estranged OpenAI partnership

JavaScript Pulse: Weekly Dev Digest – May 2, 2025

JavaScript Pulse: Weekly Dev Digest – May 2, 2025

Making V8 eager to compile your JavaScript

Unlock More from Salesforce with the PrecisionIQ Assessment

Microsoft Bing is stealing tens of millions of Google’s search users according to the latest data

Microsoft Bing is stealing tens of millions of Google’s search users according to the latest data

Microsoft could bring Elon Musk’s Grok AI model to Azure — Cozying up with OpenAI’s arch-nemesis xAI for its AI Foundry

Grand Theft Auto 6 has been DELAYED — will now miss 2025 launch window entirely

CVE-2025-35996 – KUNBUS PiCtory Stored Cross-Site Scripting (XSS)

CISA Adds Two New Exploited Vulnerabilities to Its Catalog: CVE-2024-38475 and CVE-2023-44221

Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221)

Perficient Included in IDC Market Glance: Enterprise Intelligence Services Report

The Great Office Reset

Schleswig-Holstein: il primo stato tedesco a migrare 30.000 computer su LibreOffice e Linux

Tariff war has tech buyers wondering what’s next. Here’s what we know

Best AI-Powered Tools to Build Your Next Project Faster

Setting Up a Secure Mail Server with Dovecot on Ubuntu Server

CVE-2025-46627 – Tenda RX2 Pro Weak Credential Vulnerability

ASUS Armoury Crate Not Detecting RAM: 4 Methods to Fix it

CVE-2025-35996 – KUNBUS PiCtory Stored Cross-Site Scripting (XSS)

Related Posts