CVE-2025-12251 | OpenWGA 7.11.12 Build 737 Admin UI cross site scripting

Inserito da Angelo Barbosa | Ott 26, 2025 | CVE

A vulnerability marked as problematic has been reported in OpenWGA 7.11.12 Build 737. This impacts an unknown function of the component Admin UI. The manipulation leads to cross site scripting.

This vulnerability is documented as CVE-2025-12251. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-12251 | OpenWGA 7.11.12 Build 737 Admin UI cross site scripting

Post correlati

CVE-2025-10710 | 07FLYCMS/07FLY-CMS/07FlyCRM up to 20250831 /index.php Name cross site scripting

CVE-2024-57605 | Daylight Studio Fuel CMS 1.5.2 /fuel/blocks/ cross site scripting

CVE-2024-50625 | Digi ConnectPort LTS up to 1.4.11 HTTP POST Request unrestricted upload

CVE-2024-2920 | WP-Members Membership Plugin up to 3.4.9.3 on WordPress information disclosure