CVE-2025-11945 | toeverything AFFiNE up to 0.24.1 Avatar Upload Image Endpoint cross site scripting

Inserito da Angelo Barbosa | Ott 19, 2025 | CVE

A vulnerability labeled as problematic has been found in toeverything AFFiNE up to 0.24.1. This vulnerability affects unknown code of the component Avatar Upload Image Endpoint. Such manipulation leads to cross site scripting.

This vulnerability is traded as CVE-2025-11945. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-11945 | toeverything AFFiNE up to 0.24.1 Avatar Upload Image Endpoint cross site scripting

Post correlati

CVE-2025-6849 | code-projects Simple Forum 1.0 /forum_edit1.php text cross site scripting

CVE-2024-4020 | Tenda FH1206 1.2.0.8(8155) /goform/addressNat fromAddressNat entrys buffer overflow

CVE-2025-0296 | code-projects Online Book Shop 1.0 /booklist.php subcatid sql injection

CVE-2024-20359 | Cisco ASA/Firepower Threat Defense Legacy Capability code injection (cisco-sa-asaftd-persist-rce-FLsNXF4h)