CVE-2025-5407 – “Chaitak-Gorai Blogbook Cross-Site Scripting Vulnerability”

June 1, 2025

CVE ID : CVE-2025-5407

Published : June 1, 2025, 9:15 p.m. | 6 hours, 5 minutes ago

Description : A vulnerability has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register_script.php. The manipulation of the argument fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5408 – WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 HTTP POST Request Handler Buffer Overflow

Next Article CVE-2025-5406 – “Chaitak-Gorai Blogbook Unrestricted File Upload Vulnerability”

Highlights

CVE-2025-2932 – JKDEVKIT WordPress Arbitrary File Deletion Vulnerability

July 3, 2025

CVE ID : CVE-2025-2932

Published : July 3, 2025, 1:15 p.m. | 1 hour, 41 minutes ago

Description : The JKDEVKIT plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ‘font_upload_handler’ function in all versions up to, and including, 1.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). If WooCommerce is enabled, attackers will need Contributor-level access and above.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

I finally gave NotebookLM my full attention – and it really is a total game changer

Google Chrome for iOS now lets you switch between personal and work accounts

How the Trump administration changed AI: A timeline

Download your photos before AT&T shuts down its cloud storage service permanently

Laravel Live Denmark

Laravel Live Denmark

The July 2025 Laravel Worldwide Meetup is Today

Livewire Security Vulnerability

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Halo and Half-Life combine in wild new mod, bringing two of my favorite games together in one — here’s how to play, and how it works

Surprise! The iconic Roblox ‘oof’ sound is back — the beloved meme makes “a comeback so good it hurts” after three years of licensing issues

CVE-2025-5407 – “Chaitak-Gorai Blogbook Cross-Site Scripting Vulnerability”

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

CVE-2025-5455 – Qt Denial of Service Vulnerability in qDecodeDataUrl Function

We’re expanding our Gemini 2.5 family of models

AdvPhishing — Advanced Phishing Toolkit

CVE-2025-7417 – Tenda O3V2 HTTPd Stack-Based Buffer Overflow

CVE-2025-2932 – JKDEVKIT WordPress Arbitrary File Deletion Vulnerability

Hello Robo’s Rebrand: Distilling Complex Tech Into Interfaces Anyone Can Use

CVE-2025-53941 – Hollo ActivityPub HTML Injection Vulnerability

CVE-2025-5001 – GNU PSPP calloc Integer Overflow Vulnerability

CVE-2025-5407 – “Chaitak-Gorai Blogbook Cross-Site Scripting Vulnerability”

Related Posts