CVE-2025-5879 – WuKongOpenSource WukongCRM Remote Cross-Site Scripting Vulnerability

June 9, 2025

CVE ID : CVE-2025-5879

Published : June 9, 2025, 1:15 p.m. | 2 hours, 25 minutes ago

Description : A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5880 – Whistle Path Traversal Vulnerability

Next Article CVE-2025-5877 – Fengoffice XML External Entity Reference Vulnerability

Highlights

CVE-2025-4527 – Dígitro NGC Explorer Remote Code Execution Vulnerability

May 11, 2025

CVE ID : CVE-2025-4527

Published : May 11, 2025, 3:15 a.m. | 25 minutes ago

Description : A vulnerability has been found in Dígitro NGC Explorer 3.44.15 and classified as problematic. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to client-side enforcement of server-side security. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

8 essential tips for using Figma Make

June 18, 2025

CVE-2025-46216 – Apache HTTP Server HTTP Request Smuggling

April 23, 2025

I had a blast playing LEGO Party! at Summer Game Fest 2025, and I’m looking forward to this zany family game later this year

June 10, 2025

The Ultimate Guide to Node.js Development Pricing for Enterprises

Stack Overflow: Developers’ trust in AI outputs is worsening year over year

Web Components: Working With Shadow DOM

Google’s new Opal tool allows users to create mini AI apps with no coding required

From first commits to big ships: Tune into our new open source podcast

Exploring the Process of Building a Procedural 3D Kitchen Designer with Three.js

Chasing tech milestones, not just capital: key lessons from the Deeptech Hardware Napkin

Built to Move: A Closer Look at the Animations Behind Eduard Bodak’s Portfolio

The details of TC39’s last meeting

The details of TC39’s last meeting

elegantweb/sanitizer

Streamlined String Encryption with Laravel’s Fluent Methods

How to Connect Two Monitors to One Laptop (Without the Headache)

How to Connect Two Monitors to One Laptop (Without the Headache)

Windows 11 Insider Dev & Beta Channel Preview Build 26200.5722 (KB5062669) Released with New Features

Microsoft Sued By Nayara Energy Over Cutting Services’ Access Amid EU-Russia Sanctions

CVE-2025-5879 – WuKongOpenSource WukongCRM Remote Cross-Site Scripting Vulnerability

CVE-2025-53078 – Samsung DMS Deserialization Code Execution Vulnerability

CVE-2025-8264 – “Z-Push SQL Injection Vulnerability”

HCL Commerce V9.1 – Coexistence of the Headless Next.js Ruby & Aurora Storefronts

China-Backed Hackers Target SentinelOne in ‘PurpleHaze’ Attack Spree

These 6 products helped me cut ties with cable – and save $1,200 a year

CVE-2025-46653 – Formidable File Name Guessing Vulnerability

CVE-2025-4527 – Dígitro NGC Explorer Remote Code Execution Vulnerability

8 essential tips for using Figma Make

CVE-2025-46216 – Apache HTTP Server HTTP Request Smuggling

I had a blast playing LEGO Party! at Summer Game Fest 2025, and I’m looking forward to this zany family game later this year

CVE-2025-5879 – WuKongOpenSource WukongCRM Remote Cross-Site Scripting Vulnerability

Related Posts