CVE-2025-48112 – Karimmughal Cross-site Scripting (XSS) Vulnerability

May 16, 2025

CVE ID : CVE-2025-48112

Published : May 16, 2025, 4:15 p.m. | 47 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in karimmughal Dot html,php,xml etc pages allows Reflected XSS. This issue affects Dot html,php,xml etc pages: from n/a through 1.0.

Severity: 7.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48080 – Uncanny Owl Uncanny Toolkit for LearnDash Stored Cross-site Scripting

Next Article CVE-2025-48079 – Metagauss ProfileGrid Missing Authorization Vulnerability

Highlights

CVE-2025-44043 – Keyoti SearchUnit SSRF

June 10, 2025

CVE ID : CVE-2025-44043

Published : June 10, 2025, 4:15 p.m. | 34 minutes ago

Description : Keyoti SearchUnit prior to 9.0.0. is vulnerable to Server-Side Request Forgery (SSRF) in /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetResults and /Keyoti_SearchEngine_Web_Common/SearchService.svc/GetLocationAndContentCategories. An attacker can specify their own SMB server as the indexDirectory value when making POST requests to the affected components. In doing so an attacker can get the SearchUnit server to read and write configuration and log files from/to the attackers server.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

I flew Insta360’s new ‘Antigravity’ drone around Los Angeles, and it was impossible to miss a shot

The $100 open-ear headphones that made me forget about my Shokz

5 quick and simple ways to greatly improve the quality of your headphones

Installing a UPS battery backup saved my work PC – here’s the full story

Maintaining Data Consistency with Laravel Database Transactions

Maintaining Data Consistency with Laravel Database Transactions

Building a Multi-Step Form With Laravel, Livewire, and MongoDB

Inertia Releases a New Form Component

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Google’s Gemini AI had a full-on meltdown while coding — calling itself a fool, a disgrace, and begging for freedom from its own loop

Take-Two hints at $100 price tag for Grand Theft Auto VI — will it deliver on value?

ChatGPT Go offers GPT-5, image creation, and longer memory — all for $5 (if you’re lucky enough to live where it’s available)

CVE-2025-48112 – Karimmughal Cross-site Scripting (XSS) Vulnerability

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

Zero Trust + AI: Privacy in the Age of Agentic AI

WAGO Device Manager Vulnerabilities Expose Critical Industrial Infrastructure to Remote Exploits

The top 10 laptops ZDNET readers are buying in 2025

Proof That Aliens Exist Beneath the Ocean May Come Out Shocking!

Apple Overhauls EU App Store Policy: New Fees & Open External Purchases After €500M Fine

CVE-2025-44043 – Keyoti SearchUnit SSRF

Ollama Brings Local AI to Windows with New App

jdSystemMonitor is a desktop-independent system monitor for Linux

CVE-2025-5561 – PHPGurukul Curfew e-Pass Management System SQL Injection Vulnerability

CVE-2025-48112 – Karimmughal Cross-site Scripting (XSS) Vulnerability

Related Posts