CVE-2025-5420 – Juzaweb CMS Cross Site Scripting Vulnerability

June 1, 2025

CVE ID : CVE-2025-5420

Published : June 2, 2025, 12:15 a.m. | 3 hours, 5 minutes ago

Description : A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Upload leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5421 – Juzaweb CMS Plugin Editor Page Remote Improper Access Control Vulnerability

Next Article CVE-2025-5412 – Mist Community Edition Cross-Site Scripting Vulnerability

Highlights

CVE-2025-3872 – Centreon centreon-web SQL Injection

April 24, 2025

CVE ID : CVE-2025-3872

Published : April 24, 2025, 10:15 a.m. | 28 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Centreon centreon-web (User configuration form modules) allows SQL Injection.

A user with high privileges is able to become administrator by intercepting the contact form request and altering its payload.

This issue affects Centreon: from 22.10.0 before 22.10.28, from 23.04.0 before 23.04.25, from 23.10.0 before 23.10.20, from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

ChatGPT now has an agent mode

Scrum Alliance and Kanban University partner to offer new course that teaches both methodologies

Is ChatGPT down? You’re not alone. Here’s what OpenAI is saying

I found a tablet that could replace my iPad and Kindle – and it’s worth every penny

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

Execute Ping Commands and Get Back Structured Data in PHP

Execute Ping Commands and Get Back Structured Data in PHP

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

I Made Kitty Terminal Even More Awesome by Using These 15 Customization Tips and Tweaks

I Made Kitty Terminal Even More Awesome by Using These 15 Customization Tips and Tweaks

Microsoft confirms active cyberattacks on SharePoint servers

How to Manually Check & Install Windows 11 Updates (Best Guide)

CVE-2025-5420 – Juzaweb CMS Cross Site Scripting Vulnerability

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics

Hard-Coded ‘b’ Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments

Developer Spotlight: Andrea Biason

Validate URLs Effectively with Laravel’s Str::isUrl Method

CVE-2025-3224 – Docker Desktop for Windows Elevation of Privilege Vulnerability

CVE-2025-3872 – Centreon centreon-web SQL Injection

CVE-2025-47110 – Adobe Commerce Stored Cross-Site Scripting (XSS) Vulnerability

CVE-2025-4365 – Citrix NetScaler Console and NetScaler SDX SVM Arbitrary File Read Vulnerability

CVE-2025-5367 – “PHPGurukul Online Shopping Portal SQL Injection Vulnerability”

CVE-2025-5420 – Juzaweb CMS Cross Site Scripting Vulnerability

Related Posts