CVE-2025-48922 – Drupal GLightbox Cross-Site Scripting (XSS) Vulnerability

June 26, 2025

CVE ID : CVE-2025-48922

Published : June 26, 2025, 2:15 p.m. | 49 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Drupal GLightbox allows Cross-Site Scripting (XSS).This issue affects GLightbox: from 0.0.0 before 1.0.16.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48923 – Drupal Toc.Js Cross-Site Scripting (XSS)

Next Article CVE-2025-6693 – RT-Thread Device Memory Corruption Vulnerability

Highlights

CVE-2025-4494 – JAdmin-JAVA Remote Authentication Bypass

May 9, 2025

CVE ID : CVE-2025-4494

Published : May 9, 2025, 10:15 p.m. | 2 hours, 3 minutes ago

Description : A vulnerability, which was classified as critical, was found in JAdmin-JAVA JAdmin 1.0. Affected is the function toLogin of the file NoNeedLoginController.java of the component Admin Backend. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

5+ WordPress Plugins for Developers To Use in 2025

April 25, 2025

AI updates from the past week: OpenAI Codex adds internet access, Mistral releases coding assistant, and more — June 6, 2025

June 6, 2025

SEC Consult SA-20250611-0 :: Undocumented Root Shell Access on SIMCom SIM7600G Modem

June 18, 2025

Jakarta EE 11 Platform launches with modernized Test Compatibility Kit framework

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

Qodo launches CLI agent framework

My laptop webcam wasn’t cutting it for video calls – then I discovered this accessory

The top 6 TVs ZDNET readers are buying (no. 1 has the best picture quality we’ve ever seen)

You should probably delete any sensitive screenshots you have in your phone right now. Here’s why

Can these $100 Android phones replace my flagship? The result after weeks of testing

A bot posting the Echo JS RSS feed to Bluesky

A bot posting the Echo JS RSS feed to Bluesky

Accepting Multiple Parameters in Laravel Commands

Translate Your App to Other Languages With Laravel Gemini Translator

Distribution Release: deepin 25

Distribution Release: deepin 25

SpicyPass is a lightweight password manager

Raspberry Pi 5 Desktop Mini PC: 2.5Gbps Networking

CVE-2025-48922 – Drupal GLightbox Cross-Site Scripting (XSS) Vulnerability

CVE-2025-3722 – Symantec ePO Path Traversal Vulnerability

CVE-2025-3771 – Acronis True Image Local File Write

CVE-2024-51977 – HP Printer Information Disclosure

I’ve had a ton of fun playing Skin Deep, but I hope the developers fix the game’s crashing problems

Backups Are Under Attack: How to Protect Your Backups

Ubuntu Security Reinvented: Hardening Your System with AppArmor

CVE-2025-4494 – JAdmin-JAVA Remote Authentication Bypass

5+ WordPress Plugins for Developers To Use in 2025

AI updates from the past week: OpenAI Codex adds internet access, Mistral releases coding assistant, and more — June 6, 2025

SEC Consult SA-20250611-0 :: Undocumented Root Shell Access on SIMCom SIM7600G Modem

CVE-2025-48922 – Drupal GLightbox Cross-Site Scripting (XSS) Vulnerability

Related Posts