CVE-2025-5323 – Fossasia Open-Event-Server Encryption Bypass Vulnerability

May 29, 2025

CVE ID : CVE-2025-5323

Published : May 29, 2025, 6:15 p.m. | 3 hours, 18 minutes ago

Description : A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event-server/blob/development/app/api/helpers/mail.py of the component Mail Verification Handler. The manipulation leads to reliance on obfuscation or encryption of security-relevant inputs without integrity checking. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-32752 – Dell ThinOS Cleartext Storage of Sensitive Information Vulnerability

Next Article CVE-2025-46823 – OpenMRS FHIR2 Privilege Escalation Vulnerability

Highlights

CVE-2024-13858 – Buddyboss Platform Stored Cross-Site Scripting Vulnerability

May 2, 2025

CVE ID : CVE-2024-13858

Published : May 2, 2025, 7:15 a.m. | 2 hours, 4 minutes ago

Description : The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘invitee_name’ parameter in all versions up to, and including, 2.8.50 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability was partially patched in version 2.8.41.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

Report: 71% of tech leaders won’t hire devs without AI skills

Could OpenAI’s rumored browser be a Chrome-killer? Here’s what I’m expecting

My favorite lens and screen-cleaning kit keeps my tech spotless, and it only costs $8

AI’s biggest impact on your workforce is still to come – 3 ways to avoid getting left behind

Remedy offers update on ‘FBC: Firebreak,’ details coming improvements — “We’ve seen many players come into the game and leave within the first hour.”

The details of TC39’s last meeting

The details of TC39’s last meeting

Online Examination System using PHP and MySQL

A tricky, educational quiz: it’s about time..

CAD Sketcher – constraint-based geometry sketcher

CAD Sketcher – constraint-based geometry sketcher

7 Best Free and Open Source Linux FTP Servers

Best Free and Open Source Alternatives to Autodesk FBX Review

CVE-2025-5323 – Fossasia Open-Event-Server Encryption Bypass Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

Citrix Patches Critical Vulns in NetScaler ADC and Gateway

CVE-2025-52467 – PostgreSQL Agentic Interface GitHub Token Exfiltration Vulnerability

CVE-2025-47865 – Trend Micro Apex Central Local File Inclusion Remote Code Execution

Google DeepMind CEO says “AGI is coming and I’m not sure society is ready” as the prospects keep him up at night

CVE-2024-13858 – Buddyboss Platform Stored Cross-Site Scripting Vulnerability

Prepare for Contact Center Week with Colleen Eager

CISA Releases Five Advisories Covering ICS Vulnerabilities & Exploits

Algernon – small self-contained pure-Go web server

CVE-2025-5323 – Fossasia Open-Event-Server Encryption Bypass Vulnerability

Related Posts