CVE-2025-4951 – Rapid7 AppSpider Pro Stored Cross-Site Scripting Vulnerability

May 20, 2025

CVE ID : CVE-2025-4951

Published : May 20, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the “ScanName” field.
Despite the application preventing the inclusion of special characters within the “ScanName” field, this could be bypassed by modifying the configuration file directly.

This is fixed as of version 7.5.018

Severity: 4.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-37892 – Linux Kernel MTD INFTL Buffer Overflow

Next Article Behind the Curtain: Building Aurel’s Grand Theater from Design to Code

Highlights

CVE-2024-7103 – WSO2 Identity Server Reflected XSS

May 22, 2025

CVE ID : CVE-2024-7103

Published : May 22, 2025, 7:15 p.m. | 1 hour, 30 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of WSO2 Identity Server 7.0.0 due to improper input validation. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the login flow, potentially leading to UI modifications, redirections to malicious websites, or data exfiltration from the browser.

While this issue could allow an attacker to manipulate the user’s browser, session-related sensitive cookies remain protected with the httpOnly flag, preventing session hijacking.

Severity: 4.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

“A fantastic device for creative users” — this $550 discount on ASUS’s 3K OLED creator laptop disappears before Prime Day

Distribution Release: Rhino Linux 2025.3

Just days after joining Game Pass, the Xbox PC edition of Call of Duty: WW2 is taken offline for “an issue”

Xbox layoffs and game cuts wreak havoc on talented developers and the company’s future portfolio — Weekend discussion 💬

Flaget – new small 5kB CLI argument parser

Flaget – new small 5kB CLI argument parser

The dog days of JavaScript summer

Databricks Lakebase – Database Branching in Action

“A fantastic device for creative users” — this $550 discount on ASUS’s 3K OLED creator laptop disappears before Prime Day

“A fantastic device for creative users” — this $550 discount on ASUS’s 3K OLED creator laptop disappears before Prime Day

Distribution Release: Rhino Linux 2025.3

EmptyEpsilon – spaceship bridge simulator game

CVE-2025-4951 – Rapid7 AppSpider Pro Stored Cross-Site Scripting Vulnerability

CVE-2025-1317 – Apache HTTP Server Remote Code Execution Vulnerability

CVE-2025-1318 – CVE-2022-1234: Cisco WebEx Meeting Center Unvalidated Redirect

China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom

So your friend has been hacked: Could you be next?

CVE-2025-6901 – Code-projects Inventory Management System SQL Injection Vulnerability

Microsoft confirms Windows 11 KB5060829 issues, but you can safely ignore it

CVE-2024-7103 – WSO2 Identity Server Reflected XSS

How to Start a Career in Technical Writing by Contributing to Open Source

Big Changes at Meteor Software: Our Next Chapter

CVE-2025-6150 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability

CVE-2025-4951 – Rapid7 AppSpider Pro Stored Cross-Site Scripting Vulnerability

Related Posts