CVE-2025-42990 – SAPUI5 Cross-Site Scripting (XSS)

June 9, 2025

CVE ID : CVE-2025-42990

Published : June 10, 2025, 1:15 a.m. | 23 minutes ago

Description : Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are not impacted.

Severity: 3.0 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-42993 – SAP S/4HANA Unauthorized Event Consumption and Code Execution Vulnerability

Next Article CVE-2025-42989 – Apache HTTP Server Authentication Bypass Privilege Escalation

Highlights

CVE-2025-41393 – Ricoh Web Image Monitor Reflected Cross-Site Scripting Vulnerability

May 12, 2025

CVE ID : CVE-2025-41393

Published : May 12, 2025, 8:15 a.m. | 17 minutes ago

Description : Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the details of affected product names and versions, refer to the information provided by the vendor under [References].

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

DistroWatch Weekly, Issue 1126

It’s the year of Linux… at least for Denmark — here’s why the country’s government is dumping Windows and Office 365

Grounded 2’s best feature is happening because Obsidian left the Xbox One behind

6 registry tweaks every tech-savvy user must apply on Windows 11

Right Invoicing App for iPhone: InvoiceTemple

Right Invoicing App for iPhone: InvoiceTemple

Tunnel Run game in 170 lines of pure JS

Integrating Drupal with Salesforce SSO via SAML and Dynamic User Sync

Microsoft has a new tool to get you off Windows 10 and onto a Windows 11 PC

Microsoft has a new tool to get you off Windows 10 and onto a Windows 11 PC

DistroWatch Weekly, Issue 1126

Find ASCII Emoji Easily with this GNOME Shell Applet

CVE-2025-42990 – SAPUI5 Cross-Site Scripting (XSS)

Critical Blink Router Flaws (CVSS 9.8) Allow Remote Root Code Execution via Unauthenticated Attacks

KIA Ecuador Keyless Entry Systems Vulnerability Exposes Thousands of Vehicles to Theft

One of last year’s best games is getting a sequel, and I can’t believe it’s coming out this soon

CVE-2025-47462 – Ohidul Islam Challan CSRF Privilege Escalation

Cynthia Nixon Palestine Shirt

FreedomBox – Debian-based distribution

CVE-2025-41393 – Ricoh Web Image Monitor Reflected Cross-Site Scripting Vulnerability

CVE-2025-47725 – Delta Electronics CNCSoft Remote Code Execution Vulnerability

OpenIndiana is a community supported illumos-based operating system

Android Wi-Fi Direct bug means hackers can reboot your device

CVE-2025-42990 – SAPUI5 Cross-Site Scripting (XSS)

Related Posts