CVE-2025-5990 | Arcadia Crafty Controller up to 4.2.3/4.3.2/4.4.9 Server Name Form/API Key Form cross site scripting (Issue 567)

Inserito da Angelo Barbosa | Giu 15, 2025 | CVE

A vulnerability, which was classified as problematic, has been found in Arcadia Crafty Controller up to 4.2.3/4.3.2/4.4.9. This issue affects some unknown processing of the component Server Name Form/API Key Form. The manipulation leads to cross site scripting.

The identification of this vulnerability is CVE-2025-5990. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-5990 | Arcadia Crafty Controller up to 4.2.3/4.3.2/4.4.9 Server Name Form/API Key Form cross site scripting (Issue 567)

Post correlati

CVE-2023-6671 | OJS Open Journal Systems 3.3.0.13 cross-site request forgery

CVE-2025-24802 | 0xPolygonZero plonky2 1.0.0 a cryptographic primitive with a risky implementation (GHSA-hj49-h7fq-px5h)

CVE-2024-13559 | marsian TemplatesNext ToolKit Plugin up to 3.2.9 on WordPress Shortcode tx_woo_wishlist_table cross site scripting

CVE-2025-21417 | Microsoft Windows up to Server 2025 Telephony Service heap-based overflow