CVE-2025-5410 – Mist Community Edition Cross-Site Request Forgery (CSRF)

June 1, 2025

CVE ID : CVE-2025-5410

Published : June 1, 2025, 11:15 p.m. | 4 hours, 5 minutes ago

Description : A vulnerability was found in Mist Community Edition up to 4.7.1. It has been declared as problematic. This vulnerability affects the function session_start_response of the file src/mist/api/auth/middleware.py. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.2 is able to address this issue. The patch is identified as db10ecb62ac832c1ed4924556d167efb9bc07fad. It is recommended to upgrade the affected component.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5411 – Mist Community Edition Cross-Site Scripting Vulnerability

Next Article CVE-2025-5409 – Mist Community Edition API Token Handler Remote Improper Access Control Vulnerability

Highlights

CVE-2025-53923 – Emlog Cross-Site Scripting Vulnerability

July 16, 2025

CVE ID : CVE-2025-53923

Published : July 16, 2025, 2:15 p.m. | 3 hours, 59 minutes ago

Description : Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. Due to lack of sanitization it is possible to inject HTML/JS code into keyword parameter. If one persuades an user into clicking into prepared link it is possible to execute any JS code in admin’s browser. As of time of publication, no known patched versions exist.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

I finally gave NotebookLM my full attention – and it really is a total game changer

Google Chrome for iOS now lets you switch between personal and work accounts

How the Trump administration changed AI: A timeline

Download your photos before AT&T shuts down its cloud storage service permanently

Laravel Live Denmark

Laravel Live Denmark

The July 2025 Laravel Worldwide Meetup is Today

Livewire Security Vulnerability

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Halo and Half-Life combine in wild new mod, bringing two of my favorite games together in one — here’s how to play, and how it works

Surprise! The iconic Roblox ‘oof’ sound is back — the beloved meme makes “a comeback so good it hurts” after three years of licensing issues

CVE-2025-5410 – Mist Community Edition Cross-Site Request Forgery (CSRF)

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

CVE-2025-20978 – PENUP Privilege Escalation Vulnerability

SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack

If you want more PlayStation games on Xbox, you’d better buy Helldivers 2 — Sony will go where the money does

CVE-2025-39380 – Mojoomla Hospital Management System File Upload Vulnerability

CVE-2025-53923 – Emlog Cross-Site Scripting Vulnerability

AI and Machine Learning in Selenium Testing: Revolutionizing Test Automation

Every PC and Xbox game shown during Sony’s PlayStation State of Play June 2025

CVE-2024-53591 – Seclore Brute Force Authentication Bypass

CVE-2025-5410 – Mist Community Edition Cross-Site Request Forgery (CSRF)

Related Posts