CVE-2025-10485 | pojoin h3blog up to 5bf704425ebc11f4c24da51f32f36bb17ae20489 HTTP Header /login ppt_log X-Forwarded-For cross site scripting

A vulnerability classified as problematic was found in pojoin h3blog up to 5bf704425ebc11f4c24da51f32f36bb17ae20489. Affected by this issue is the function ppt_log of the file /login of the component HTTP Header Handler. Such manipulation of the argument X-Forwarded-For leads to cross site scripting.

This vulnerability is listed as CVE-2025-10485. The attack may be performed from remote. In addition, an exploit is available.

This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.

CVE-2025-10485 | pojoin h3blog up to 5bf704425ebc11f4c24da51f32f36bb17ae20489 HTTP Header /login ppt_log X-Forwarded-For cross site scripting

Post correlati

CVE-2025-0798 | MicroWorld eScan Antivirus 7.0.32 on Linux Quarantine rtscanner os command injection

CVE-2024-32880 | pyload-ng unrestricted upload

CVE-2024-7713 | AYS AI ChatBot with ChatGPT and Content Generator Plugin Open AI API Key information disclosure

CVE-2024-31139 | JetBrains TeamCity prior 2024.03 Maven Build Steps Detector xml external entity reference