CVE-2024-55651 – i-Educar Stored Cross-Site Scripting Vulnerability

May 8, 2025

CVE ID : CVE-2024-55651

Published : May 8, 2025, 12:15 a.m. | 3 hours, 21 minutes ago

Description : i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field. Through this attacker vector a malicious user might be able to retrieve information belonging to another user, which may lead to sensitive information leakage or other malicious actions. As of time of publication, no patched versions are known to exist.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleResearchers from Fudan University Introduce Lorsa: A Sparse Attention Mechanism That Recovers Atomic Attention Units Hidden in Transformer Superposition

Next Article Critical CVE-2025-20188 (CVSS 10) Flaw in Cisco IOS XE WLCs Allows Remote Root Access

Highlights

CVE-2025-49132 – Pterodactyl Unauthenticated Remote Code Execution Vulnerability

June 20, 2025

CVE ID : CVE-2025-49132

Published : June 20, 2025, 5:15 p.m. | 59 minutes ago

Description : Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query parameters, a malicious actor is able to execute arbitrary code without being authenticated. With the ability to execute arbitrary code it could be used to gain access to the Panel’s server, read credentials from the Panel’s config, extract sensitive information from the database, access files of servers managed by the panel, etc. This issue has been patched in version 1.11.11. There are no software workarounds for this vulnerability, but use of an external Web Application Firewall (WAF) could help mitigate this attack.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2024-55651 – i-Educar Stored Cross-Site Scripting Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-32885 – “GoTenna v1 App Message Injection Vulnerability”

8 tips for designers building branded templates in Figma Buzz

Walker – fast application launcher

Unwink AI is a platform for LLM model customization and adaptation for Entreprises

CVE-2025-49132 – Pterodactyl Unauthenticated Remote Code Execution Vulnerability

How AI-Enabled Workflow Automation Can Help SOCs Reduce Burnout

CVE-2025-22431 – Cisco Phone Emergency Services Denial of Service

Microsoft will force updates for Teams clients released over 90 days ago

CVE-2024-55651 – i-Educar Stored Cross-Site Scripting Vulnerability

Related Posts