CVE-2025-6563 – MikroTik RouterOS Cross-Site Scripting

July 3, 2025

CVE ID : CVE-2025-6563

Published : July 3, 2025, 12:15 p.m. | 2 hours, 41 minutes ago

Description : A cross-site scripting vulnerability is present in the hotspot of MikroTik’s RouterOS on versions below 7.19.2. An attacker can inject the `javascript` protocol in the `dst` parameter. When the victim browses to the malicious URL and logs in, the XSS executes. The POST request used to login, can also be converted to a GET request, allowing an attacker to send a specifically crafted URL that automatically logs in the victim (into the attacker’s account) and triggers the payload.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2537 – WordPress ThickBox Stored Cross-Site Scripting

Next Article CVE-2025-40722 – Flatboard Pro Stored XSS

Highlights

CVE-2025-32876 – COROS PACE 3 BLE Legacy Pairing Information Leak

June 20, 2025

CVE ID : CVE-2025-32876

Published : June 20, 2025, 2:15 p.m. | 28 minutes ago

Description : An issue was discovered on COROS PACE 3 devices through 3.0808.0. The BLE implementation of the COROS smartwatch does not support LE Secure Connections and instead enforces BLE Legacy Pairing. In BLE Legacy Pairing, the Short-Term Key (STK) can be easily guessed. This requires knowledge of the Temporary Key (TK), which, in the case of the COROS Pace 3, is set to 0 due to the Just Works pairing method. An attacker within Bluetooth range can therefore perform sniffing attacks, allowing eavesdropping on the communication.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Ways Node.js Development Boosts AI & Real-Time Data (2025-2026 Edition)

Looking to Outsource React.js Development? Here’s What Top Agencies Are Doing Right

Beyond The Hype: What AI Can Really Do For Product Design

BrowserStack launches Chrome extension that bundles 10+ manual web testing tools

How much RAM does your Linux PC really need in 2025?

Have solar at home? Supercharge that investment with this other crucial component

I replaced my MacBook charger with this compact wall unit – and wish I’d done it sooner

5 reasons to switch to an immutable Linux distro today – and which to try first

Sentry Adds Logs Support for Laravel Apps

Sentry Adds Logs Support for Laravel Apps

Efficient Context Management with Laravel’s Remember Functions

Laravel Devtoolbox: Your Swiss Army Knife Artisan CLI

From plateau predictions to buggy rollouts — Bill Gates’ GPT-5 skepticism looks strangely accurate

From plateau predictions to buggy rollouts — Bill Gates’ GPT-5 skepticism looks strangely accurate

We gave OpenAI’s open-source AI a kid’s test — here’s what happened

With GTA 6, next-gen exclusives, and a console comeback on the horizon, Xbox risks sitting on the sidelines — here’s why

CVE-2025-6563 – MikroTik RouterOS Cross-Site Scripting

Workday Staff Fall to Social Engineering; Hackers Access Third-Party CRM Platform

Get Ready for the Black Hat USA 2025 CISO Podcast Series from The Cyber Express and Suraksha Catalyst

Cyble Launches Essential 8 Cybersecurity Support Package for Australian Financial Sector

How to Improve Web Accessibility with Landmarks – Explained with Examples

Qubit Pharmaceuticals harnesses quantum AI to crack chemistry’s greatest challenges

Top Advice and Words of Wisdom for New Perficient Colleagues

CVE-2025-32876 – COROS PACE 3 BLE Legacy Pairing Information Leak

Best Bread brand Hyderabad

Selenium Report Generation: A Detailed Analysis

CVE-2025-53703 – DuraComm SPM-500 Data Transmission Without Encryption Vulnerability

CVE-2025-6563 – MikroTik RouterOS Cross-Site Scripting

Related Posts