CVE-2025-4376 – Sparx Systems Pro Cloud Server Cross-Site Scripting (XSS)

May 9, 2025

CVE ID : CVE-2025-4376

Published : May 9, 2025, 6:15 a.m. | 25 minutes ago

Description : Improper Input Validation vulnerability in Sparx Systems Pro Cloud Server’s WebEA model search field allows Cross-Site Scripting (XSS).
This issue affects Pro Cloud Server: earlier than 6.0.165.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4377 – Sparx Systems Pro Cloud Server Path Traversal

Next Article CVE-2025-4375 – Sparx Systems Pro Cloud Server CSRF Session Hijacking

Turning User Research Into Real Organizational Change

June 2025: All AI updates from the past month

Building a culture that will drive platform engineering success

Gartner: More than 40% of agentic AI projects will be canceled in the next few years

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

“Using AI is no longer optional” — Did Microsoft just make Copilot mandatory for its staff as a critical performance metric?

June report 2025

June report 2025

Make your JS functions smarter and cleaner with default parameters

Best Home Interiors in Hyderabad – Top Designers & Affordable Packages

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

CVE-2025-4376 – Sparx Systems Pro Cloud Server Cross-Site Scripting (XSS)

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

CVE-2025-6554 Actively Exploited Google Chrome Zeroday

Grafito is a simple, self-contained web-based log viewer for journalctl

How AI Tools Transformed My Writing: The Top AI Writing Tools I Use

CVE-2025-48792 – Oracle WebLogic Server Unvalidated Redirect

CVE-2025-46274 – UNI-NMS-Lite Authentication Bypass

CVE-2025-48377 – DNN Cross-Site Scripting Vulnerability

CVE-2025-44019 – AVEVA PI Data Archive Denial of Service (DoS) Vulnerability

From MCP to multi-agents: The top 10 open source AI projects on GitHub right now and why they matter

I thought my iPhone 16 camera was good enough for photos – until I attached this accessory

CVE-2025-4376 – Sparx Systems Pro Cloud Server Cross-Site Scripting (XSS)

Related Posts