CVE-2025-49590 | CryptPad 1.1.1/3.0.0 Link Bouncer incomplete denylist to cross-site scripting (GHSA-vq9h-x3gr-v8rj)

Inserito da Angelo Barbosa | Giu 19, 2025 | CVE

A vulnerability, which was classified as problematic, was found in CryptPad 1.1.1/3.0.0. Affected is an unknown function of the component Link Bouncer. The manipulation leads to incomplete denylist to cross-site scripting.

This vulnerability is traded as CVE-2025-49590. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-49590 | CryptPad 1.1.1/3.0.0 Link Bouncer incomplete denylist to cross-site scripting (GHSA-vq9h-x3gr-v8rj)

Post correlati

CVE-2024-21870 | Open Automation Software OAS Platform 19.00.0057 OAS Engine Tags Configuration file inclusion (TALOS-2024-1950)

CVE-2024-28914 | Microsoft unknown vulnerability

CVE-2024-5340 | Ruijie RG-UAC up to 20240516 sub_commit.php key os command injection

CVE-2024-12311 | Icegram Email Subscribers Express Plugin up to 5.7.43 on WordPress sql injection