CVE-2025-47669 – Sabuj Kundu CBX Map for Google Map & OpenStreetMap Cross-site Scripting

May 7, 2025

CVE ID : CVE-2025-47669

Published : May 7, 2025, 3:16 p.m. | 20 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Sabuj Kundu CBX Map for Google Map & OpenStreetMap allows DOM-Based XSS. This issue affects CBX Map for Google Map & OpenStreetMap: from n/a through 1.1.12.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47675 – Woobox Cross-Site Scripting (XSS)

Next Article CVE-2025-47668 – CookieCode Stored Cross-Site Scripting Vulnerability

Highlights

CVE-2025-46821 – Envoy URI Template Path Matching Bypass Vulnerability

May 7, 2025

CVE ID : CVE-2025-46821

Published : May 7, 2025, 10:15 p.m. | 1 hour, 21 minutes ago

Description : Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy’s URI template matcher incorrectly excludes the `*` character from a set of valid characters in the URI path. As a result URI path containing the `*` character will not match a URI template expressions. This can result in bypass of RBAC rules when configured using the `uri_template` permissions. This vulnerability is fixed in Envoy versions v1.34.1, v1.33.3, v1.32.6, v1.31.8. As a workaround, configure additional RBAC permissions using `url_path` with `safe_regex` expression.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

Best early Prime Day Nintendo Switch deals: My 17 favorite sales live now

How I use VirtualBox to run any OS on my Mac – including Linux

Apple will give you a free pair of AirPods when you buy a MacBook or iPad for school – here’s who’s eligible

How Apple’s biggest potential acquisition ever could perplex AI rivals like Google

Music Streaming Platform using PHP and MySQL

Music Streaming Platform using PHP and MySQL

Solutions That Benefit Everyone – Why Inclusive Design Matters for All

Reducing Barriers Across Industries Through Inclusive Design

Windows 11 Installation Assistant Download: 2025 Guide

Windows 11 Installation Assistant Download: 2025 Guide

Didn’t Receive Gears of War: Reloaded Code? Explainer

Fix Vibrant Visuals Greyed Out in Minecraft Bedrock

CVE-2025-47669 – Sabuj Kundu CBX Map for Google Map & OpenStreetMap Cross-site Scripting

Typhoon-like gang slinging TLS certificate ‘signed’ by the Los Angeles Police Department

Wedding Invitation Scam: SpyMax RAT Targets Indian WhatsApp Users, Stealing OTPs & Banking Credentials

PowerToys Run adds Internet speed test, video downloader & more

CVE-2025-32306 – LambertGroup Radio Player Shoutcast & Icecast WordPress Plugin SQL Injection Vulnerability

South African man imprisoned after ransom demand against his former employer

It took 15 YEARS for Minecraft to let us craft this item, but it’s finally coming (plus new music and more)

CVE-2025-46821 – Envoy URI Template Path Matching Bypass Vulnerability

CVE-2025-5076 – FreeFloat FTP Server Buffer Overflow

CVE-2025-46577 – GoldenDB Database SQL Injection Vulnerability

How Rufus doubled their inference speed and handled Prime Day traffic with AWS AI chips and parallel decoding

CVE-2025-47669 – Sabuj Kundu CBX Map for Google Map & OpenStreetMap Cross-site Scripting

Related Posts