{
"Source": "CVE FEED",
"Title": "CVE-2025-54046 - QuanticaLabs Cost Calculator Cross-site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-54046
Published : Aug. 20, 2025, 8:15 a.m. | 1 hour, 11 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Cost Calculator allows Stored XSS. This issue affects Cost Calculator: from n/a through 7.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-54046 - QuanticaLabs Cost Calculator Cross-site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-54046
Published : Aug. 20, 2025, 8:15 a.m. | 1 hour, 11 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs Cost Calculator allows Stored XSS. This issue affects Cost Calculator: from n/a through 7.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-54034 - Tribulant Software Newsletters PHP Remote File Inclusion Vulnerability",
"Content": "CVE ID : CVE-2025-54034
Published : Aug. 20, 2025, 8:15 a.m. | 1 hour, 11 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Tribulant Software Newsletters allows PHP Local File Inclusion. This issue affects Newsletters: from n/a through 4.10.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-54034 - Tribulant Software Newsletters PHP Remote File Inclusion Vulnerability",
"Content": "CVE ID : CVE-2025-54034
Published : Aug. 20, 2025, 8:15 a.m. | 1 hour, 11 minutes ago
Description : Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Tribulant Software Newsletters allows PHP Local File Inclusion. This issue affects Newsletters: from n/a through 4.10.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-54049 - miniOrange Custom API for WP Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-54049
Published : Aug. 20, 2025, 8:15 a.m. | 1 hour, 11 minutes ago
Description : Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP allows Privilege Escalation. This issue affects Custom API for WP: from n/a through 4.2.2.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-54049 - miniOrange Custom API for WP Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-54049
Published : Aug. 20, 2025, 8:15 a.m. | 1 hour, 11 minutes ago
Description : Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP allows Privilege Escalation. This issue affects Custom API for WP: from n/a through 4.2.2.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-54021 - Mitchell Bennis Simple File List Path Traversal",
"Content": "CVE ID : CVE-2025-54021
Published : Aug. 20, 2025, 8:15 a.m. | 1 hour, 11 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitchell Bennis Simple File List allows Path Traversal. This issue affects Simple File List: from n/a through 6.1.14.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-54021 - Mitchell Bennis Simple File List Path Traversal",
"Content": "CVE ID : CVE-2025-54021
Published : Aug. 20, 2025, 8:15 a.m. | 1 hour, 11 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Mitchell Bennis Simple File List allows Path Traversal. This issue affects Simple File List: from n/a through 6.1.14.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-54025 - RelyWP Coupon Affiliates Missing Authorization Vulnerability",
"Content": "CVE ID : CVE-2025-54025
Published : Aug. 20, 2025, 8:15 a.m. | 1 hour, 11 minutes ago
Description : Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Affiliates: from n/a through 6.4.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-54025 - RelyWP Coupon Affiliates Missing Authorization Vulnerability",
"Content": "CVE ID : CVE-2025-54025
Published : Aug. 20, 2025, 8:15 a.m. | 1 hour, 11 minutes ago
Description : Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Coupon Affiliates: from n/a through 6.4.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-57732 - JetBrains TeamCity Directory Ownership Escalation",
"Content": "CVE ID : CVE-2025-57732
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 12 minutes ago
Description : In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-57732 - JetBrains TeamCity Directory Ownership Escalation",
"Content": "CVE ID : CVE-2025-57732
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 12 minutes ago
Description : In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-57733 - JetBrains TeamCity SMTP Injection Vulnerability",
"Content": "CVE ID : CVE-2025-57733
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 12 minutes ago
Description : In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-57733 - JetBrains TeamCity SMTP Injection Vulnerability",
"Content": "CVE ID : CVE-2025-57733
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 12 minutes ago
Description : In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-57734 - JetBrains TeamCity AWS Credentials Exposed",
"Content": "CVE ID : CVE-2025-57734
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 12 minutes ago
Description : In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-57734 - JetBrains TeamCity AWS Credentials Exposed",
"Content": "CVE ID : CVE-2025-57734
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 12 minutes ago
Description : In JetBrains TeamCity before 2025.07.1 aWS credentials were exposed in Docker script files
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-57727 - JetBrains IntelliJ IDEA Remote Reference Credentials Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-57727
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 12 minutes ago
Description : In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-57727 - JetBrains IntelliJ IDEA Remote Reference Credentials Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-57727
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 12 minutes ago
Description : In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-57728 - JetBrains IntelliJ IDEA Code With Me Guest File Disclosure",
"Content": "CVE ID : CVE-2025-57728
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 12 minutes ago
Description : In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-57728 - JetBrains IntelliJ IDEA Code With Me Guest File Disclosure",
"Content": "CVE ID : CVE-2025-57728
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 12 minutes ago
Description : In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-57729 - JetBrains IntelliJ IDEA Plugin Startup Vulnerability",
"Content": "CVE ID : CVE-2025-57729
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 12 minutes ago
Description : In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-57729 - JetBrains IntelliJ IDEA Plugin Startup Vulnerability",
"Content": "CVE ID : CVE-2025-57729
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 12 minutes ago
Description : In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-57730 - JetBrains IntelliJ IDEA HTML Injection Vulnerability",
"Content": "CVE ID : CVE-2025-57730
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 12 minutes ago
Description : In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature
Severity: 5.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-57730 - JetBrains IntelliJ IDEA HTML Injection Vulnerability",
"Content": "CVE ID : CVE-2025-57730
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 12 minutes ago
Description : In JetBrains IntelliJ IDEA before 2025.2 hTML injection was possible via Remote Development feature
Severity: 5.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-57731 - JetBrains YouTrack Stored XSS",
"Content": "CVE ID : CVE-2025-57731
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 12 minutes ago
Description : In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-57731 - JetBrains YouTrack Stored XSS",
"Content": "CVE ID : CVE-2025-57731
Published : Aug. 20, 2025, 10:15 a.m. | 1 hour, 12 minutes ago
Description : In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-9229 - MiR Error Handling Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-9229
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 12 minutes ago
Description : Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-9229 - MiR Error Handling Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-9229
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 12 minutes ago
Description : Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5261 - Pik Online Authorization Bypass Through User-Controlled Key",
"Content": "CVE ID : CVE-2025-5261
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 12 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Exploitation of Trusted Identifiers.This issue affects Pik Online: before 3.1.5.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5261 - Pik Online Authorization Bypass Through User-Controlled Key",
"Content": "CVE ID : CVE-2025-5261
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 12 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Exploitation of Trusted Identifiers.This issue affects Pik Online: before 3.1.5.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-9228 - MiR Text Note Authorization Bypass",
"Content": "CVE ID : CVE-2025-9228
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 12 minutes ago
Description : MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes,
allowing low-privilege users to create notes which are intended only for administrative users.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-9228 - MiR Text Note Authorization Bypass",
"Content": "CVE ID : CVE-2025-9228
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 12 minutes ago
Description : MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes,
allowing low-privilege users to create notes which are intended only for administrative users.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5260 - Pik Online Yazılım Çözümleri A.Ş. Pik Online SSRF Vulnerability",
"Content": "CVE ID : CVE-2025-5260
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 12 minutes ago
Description : Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery.This issue affects Pik Online: before 3.1.5.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5260 - Pik Online Yazılım Çözümleri A.Ş. Pik Online SSRF Vulnerability",
"Content": "CVE ID : CVE-2025-5260
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 12 minutes ago
Description : Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery.This issue affects Pik Online: before 3.1.5.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2024-39954 - Apache EventMesh SSRF",
"Content": "CVE ID : CVE-2024-39954
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 12 minutes ago
Description : CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources.
Users are recommended to upgrade to version 1.12.0 or use the master branch , which fixes this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2024-39954 - Apache EventMesh SSRF",
"Content": "CVE ID : CVE-2024-39954
Published : Aug. 20, 2025, 9:15 a.m. | 2 hours, 12 minutes ago
Description : CWE-918 Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources.
Users are recommended to upgrade to version 1.12.0 or use the master branch , which fixes this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-54172 - QuickCMS Stored XSS Vulnerability in sTitle Parameter",
"Content": "CVE ID : CVE-2025-54172
Published : Aug. 20, 2025, 1:15 p.m. | 21 minutes ago
Description : QuickCMS is vulnerable to Stored XSS in sTitle parameter in page editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. Regular admin user is not able to inject any JS scripts into the page.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-54172 - QuickCMS Stored XSS Vulnerability in sTitle Parameter",
"Content": "CVE ID : CVE-2025-54172
Published : Aug. 20, 2025, 1:15 p.m. | 21 minutes ago
Description : QuickCMS is vulnerable to Stored XSS in sTitle parameter in page editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. Regular admin user is not able to inject any JS scripts into the page.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-54174 - QuickCMS Cross-Site Request Forgery (CSRF) in Article Creation",
"Content": "CVE ID : CVE-2025-54174
Published : Aug. 20, 2025, 1:15 p.m. | 21 minutes ago
Description : QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-54174 - QuickCMS Cross-Site Request Forgery (CSRF) in Article Creation",
"Content": "CVE ID : CVE-2025-54174
Published : Aug. 20, 2025, 1:15 p.m. | 21 minutes ago
Description : QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-54175 - QuickCMS Reflected XSS in Thumbnail Viewer sFileName Parameter",
"Content": "CVE ID : CVE-2025-54175
Published : Aug. 20, 2025, 1:15 p.m. | 21 minutes ago
Description : QuickCMS.EXT is vulnerable to Reflected XSS in sFileName parameter in thumbnail viewer functionality. An attacker can craft a malicious URL that results in arbitrary JavaScript execution in the victim's browser when opened.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-54175 - QuickCMS Reflected XSS in Thumbnail Viewer sFileName Parameter",
"Content": "CVE ID : CVE-2025-54175
Published : Aug. 20, 2025, 1:15 p.m. | 21 minutes ago
Description : QuickCMS.EXT is vulnerable to Reflected XSS in sFileName parameter in thumbnail viewer functionality. An attacker can craft a malicious URL that results in arbitrary JavaScript execution in the victim's browser when opened.
The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "20 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹