CVE-2025-4551 | ContiNew Admin up to 3.6.0 /dev-api/common/file File cross site scripting

Inserito da Angelo Barbosa | Mag 10, 2025 | CVE

A vulnerability, which was classified as problematic, was found in ContiNew Admin up to 3.6.0. Affected is an unknown function of the file /dev-api/common/file. The manipulation of the argument File leads to cross site scripting.

This vulnerability is traded as CVE-2025-4551. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-4551 | ContiNew Admin up to 3.6.0 /dev-api/common/file File cross site scripting

Post correlati

CVE-2023-50422 | SAP cloud-security-services-integration-library up to 2.16.x/3.2.x authorization

CVE-2023-29096 | BestWebSoft Contact Form to DB Plugin up to 1.7.0 on WordPress sql injection

CVE-2024-4172 | idcCMS 1.35 admin_cl.php cross-site request forgery

CVE-2024-33214 | Tenda FH1206 1.2.0.8(8155)_EN ip/goform/RouteStatic entrys stack-based overflow