CVE-2025-48277 – Stylemix Cost Calculator Builder Stored Cross-Site Scripting Vulnerability

May 19, 2025

CVE ID : CVE-2025-48277

Published : May 19, 2025, 3:15 p.m. | 1 hour, 13 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Stylemix Cost Calculator Builder allows Stored XSS. This issue affects Cost Calculator Builder: from n/a through 3.2.74.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48278 – RSVPMarker SQL Injection

Next Article CVE-2025-48276 – Visual Composer Cross-site Scripting Vulnerability

Highlights

CVE-2025-32999 – “A-Blog CMS Cross-Site Scripting Vulnerability”

May 19, 2025

CVE ID : CVE-2025-32999

Published : May 19, 2025, 9:15 a.m. | 2 hours, 1 minute ago

Description : Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Hideo Kojima’s “OD” is still in development with Xbox, at least for today

Microsoft is replacing salespeople with “solutions engineers” amid recent layoffs — promoting Copilot AI while ChatGPT dominates the enterprise sector

Microsoft’s extra year of Windows 10 security updates isn’t a “viable solution” for the 400 million PCs that can’t upgrade to Windows 11 — “It’s obvious users are frustrated and feel yanked around.”

OpenAI almost shipped ChatGPT with a different name — before a late-night twist

The dog days of JavaScript summer

The dog days of JavaScript summer

Databricks Lakebase – Database Branching in Action

Flutter + GitHub Copilot = Your New Superpower

Hideo Kojima’s “OD” is still in development with Xbox, at least for today

Hideo Kojima’s “OD” is still in development with Xbox, at least for today

Microsoft is replacing salespeople with “solutions engineers” amid recent layoffs — promoting Copilot AI while ChatGPT dominates the enterprise sector

Microsoft’s extra year of Windows 10 security updates isn’t a “viable solution” for the 400 million PCs that can’t upgrade to Windows 11 — “It’s obvious users are frustrated and feel yanked around.”

CVE-2025-48277 – Stylemix Cost Calculator Builder Stored Cross-Site Scripting Vulnerability

CVE-2023-50786 – Dradis HTTP Image Reference Vulnerability (Arbitrary Code Execution)

RondoDox: Sophisticated Botnet Exploits TBK DVRs & Four-Faith Routers for DDoS Attacks

DNS rebinding attacks explained: The lookup is coming from inside the house!

Gemini breaks new ground: a faster model, longer context and AI agents

This month in security with Tony Anscombe – February 2025 edition

CVE-2023-34732 – Flytxt NEON-dX Password Brute Force Vulnerability

CVE-2025-32999 – “A-Blog CMS Cross-Site Scripting Vulnerability”

CVE-2025-47681 – Ability, Inc Web Accessibility with Max Access CSRF

Measuring perception in AI models

DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics

CVE-2025-48277 – Stylemix Cost Calculator Builder Stored Cross-Site Scripting Vulnerability

Related Posts