CVE-2025-66024 | xwiki-contrib application-blog-ui up to 9.15.6 Blog Post Title cross site scripting (GHSA-h2xq-h7f9-vh6c)

Inserito da Angelo Barbosa | Mar 5, 2026 | CVE

A vulnerability categorized as problematic has been discovered in xwiki-contrib application-blog-ui up to 9.15.6. This impacts an unknown function of the component Blog Post Title Handler. Executing a manipulation can lead to cross site scripting.

The identification of this vulnerability is CVE-2025-66024. The attack may be launched remotely. There is no exploit available.

It is advisable to upgrade the affected component.

CVE-2025-66024 | xwiki-contrib application-blog-ui up to 9.15.6 Blog Post Title cross site scripting (GHSA-h2xq-h7f9-vh6c)

Post correlati

CVE-2024-7261 | Zyxel NWA1123ACv3/WAC500/WAX655E/WBE530/USG LITE 60AX Cookie host os command injection

CVE-2025-15230 | Tenda M3 1.0.0.13(4903) setVlanPolicyData formSetVlanPolicy qvlan_truck_port heap-based overflow

CVE-2025-0842 | needyamin Library Card System 1.0 Login admin.php email/password sql injection

CVE-2012-10017 | BestWebSoft Portfolio Plugin up to 2.04 on WordPress cross-site request forgery