CVE-2025-4379 – DobryCMS Reflected Cross-Site Scripting (XSS) Vulnerability

May 23, 2025

CVE ID : CVE-2025-4379

Published : May 23, 2025, 10:15 a.m. | 2 hours, 24 minutes ago

Description : DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim’s browser when specially crafted URL is opened.

A hotfix for affected versions was released on 29.04.2025. It removes the vulnerability without incrementing the version.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3894 – MegaBIP Stored XSS

Next Article CVE-2024-13945 – ASPECT Stored Path Traversal Vulnerability

Anthropic proposes transparency framework for frontier AI development

Sonatype Open Source Malware Index, Gemini API Batch Mode, and more – Daily News Digest

15 Top Node.js Development Service Providers for Large Enterprises in 2026

Droip: The Modern Website Builder WordPress Needed

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

How passkeys work: The complete guide to your inevitable passwordless future

This Sony OLED TV is my pick for best Prime Day deal – and it’s the last chance to get 50% off

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Deno 2.4: deno bundle is back

From Silos to Synergy: Accelerating Your AI Journey

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Microsoft recently raised the price of the Xbox Series S, but these retailers just dropped it back down again — close to the old price, but not for long

CVE-2025-4379 – DobryCMS Reflected Cross-Site Scripting (XSS) Vulnerability

CVE-2025-49697 – Microsoft Office Heap Buffer Overflow Vulnerability

CVE-2025-49701 – Microsoft Office SharePoint Cross-Site Scripting (XSS)

CVE-2025-46336 – Rack::Session Pool Session Restoration Vulnerability

Automatic Relation Loading in Laravel 12.8

Cisco AnyConnect VPN Server Vulnerability Let Attackers Trigger DoS Attack

CVE-2025-52485 – DNN Cross-Site Scripting (XSS) Vulnerability

CVE-2025-31250 – Apple macOS Sequoia Information Disclosure Vulnerability

CVE-2025-4813 – PHPGurukul Human Metapneumovirus Testing Management System SQL Injection Vulnerability

CISA Adds Langflow flaw to KEV Catalog

Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

CVE-2025-4379 – DobryCMS Reflected Cross-Site Scripting (XSS) Vulnerability

Related Posts