CVE-2025-5010 – MoonlightL Hexo-Boot Cross-Site Scripting Vulnerability

May 21, 2025

CVE ID : CVE-2025-5010

Published : May 21, 2025, 12:15 a.m. | 4 hours, 23 minutes ago

Description : A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This affects an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleHelldivers 2: Heart of Democracy update is live, and you need to jump in to save Super Earth from the Illuminate

Next Article CVE-2025-5011 – MoonlightL Hexo-Boot Cross-Site Scripting Vulnerability

Highlights

CVE-2024-13860 – Buddyboss WordPress Stored Cross-Site Scripting

May 2, 2025

CVE ID : CVE-2024-13860

Published : May 2, 2025, 7:15 a.m. | 2 hours, 4 minutes ago

Description : The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘bbp_topic_title’ parameter in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 2.8.41.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Helldivers 2: Heart of Democracy update is live, and you need to jump in to save Super Earth from the Illuminate

Qualcomm’s new Adreno Control Panel will let you fine-tune the GPU for certain games on Snapdragon X Elite devices

Samsung takes on LG’s best gaming TVs — adds NVIDIA G-SYNC support to 2025 flagship

The biggest unanswered questions about Xbox’s next-gen consoles

HCL Commerce V9.1 – The Power of HCL Commerce Search

HCL Commerce V9.1 – The Power of HCL Commerce Search

Community News: Latest PECL Releases (05.20.2025)

Getting Started with Personalization in Sitecore XM Cloud: Enable, Extend, and Execute

Helldivers 2: Heart of Democracy update is live, and you need to jump in to save Super Earth from the Illuminate

Helldivers 2: Heart of Democracy update is live, and you need to jump in to save Super Earth from the Illuminate

Qualcomm’s new Adreno Control Panel will let you fine-tune the GPU for certain games on Snapdragon X Elite devices

Samsung takes on LG’s best gaming TVs — adds NVIDIA G-SYNC support to 2025 flagship

CVE-2025-5010 – MoonlightL Hexo-Boot Cross-Site Scripting Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-5011 – MoonlightL Hexo-Boot Cross-Site Scripting Vulnerability

AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead

CVE Program rescued at the last minute after concerns over losing its government funding

8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining

How to create a design system

CVE-2024-13860 – Buddyboss WordPress Stored Cross-Site Scripting

How to give your Xbox Series X|S or Xbox One a Static IP address

German Police Disrupt DDoS-for-Hire Platform dstat[.]cc; Suspects Arrested

Leveraging Power Automate to Create Interactive Emails with Embedded Images and Links

CVE-2025-5010 – MoonlightL Hexo-Boot Cross-Site Scripting Vulnerability

Related Posts