CVE-2025-48873 - Apache Web Framework Remote Code Execution Vulnerability
CVE ID : CVE-2025-48873
Published : May 30, 2025, 8:15 p.m. | 1 hour, 16 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-5256. Reason: This candidate is a duplicate of CVE-2025-5256. Notes: All CVE users should reference CVE-2025-5256 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48873
Published : May 30, 2025, 8:15 p.m. | 1 hour, 16 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-5256. Reason: This candidate is a duplicate of CVE-2025-5256. Notes: All CVE users should reference CVE-2025-5256 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48874 - Apache HTTP Server Insecure Deserialization
CVE ID : CVE-2025-48874
Published : May 30, 2025, 8:15 p.m. | 1 hour, 16 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-5257. Reason: This candidate is a duplicate of CVE-2025-5257. Notes: All CVE users should reference CVE-2025-5257 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48874
Published : May 30, 2025, 8:15 p.m. | 1 hour, 16 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-5257. Reason: This candidate is a duplicate of CVE-2025-5257. Notes: All CVE users should reference CVE-2025-5257 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48882 - PHPOffice Math XML External Entity (XXE) Vulnerability
CVE ID : CVE-2025-48882
Published : May 30, 2025, 8:15 p.m. | 1 hour, 16 minutes ago
Description : PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard `libxml` extension and the `LIBXML_DTDLOAD` flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48882
Published : May 30, 2025, 8:15 p.m. | 1 hour, 16 minutes ago
Description : PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard `libxml` extension and the `LIBXML_DTDLOAD` flag without additional filtration, leads to XXE. Version 0.3.0 fixes the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48946 - Liboqs HQC Algorithmic Design Flaw Vulnerability
CVE ID : CVE-2025-48946
Published : May 30, 2025, 8:15 p.m. | 1 hour, 16 minutes ago
Description : liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large numbers of malformed ciphertexts sharing the same implicit rejection value. Currently, no concrete attack on the algorithm is known. However, prospective users of HQC must take extra care when using the algorithm in protocols involving key derivation. In particular, HQC does not provide the same security guarantees as Kyber or ML-KEM. There is currently no patch for the HQC flaw available in liboqs, so HQC is disabled by default in liboqs starting from version 0.13.0. OQS will update its implementation after the HQC team releases an updated algorithm specification.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48946
Published : May 30, 2025, 8:15 p.m. | 1 hour, 16 minutes ago
Description : liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design flaw which leads to large numbers of malformed ciphertexts sharing the same implicit rejection value. Currently, no concrete attack on the algorithm is known. However, prospective users of HQC must take extra care when using the algorithm in protocols involving key derivation. In particular, HQC does not provide the same security guarantees as Kyber or ML-KEM. There is currently no patch for the HQC flaw available in liboqs, so HQC is disabled by default in liboqs starting from version 0.13.0. OQS will update its implementation after the HQC team releases an updated algorithm specification.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48948 - Navidrome Unauthorized Transcoding Configuration
CVE ID : CVE-2025-48948
Published : May 30, 2025, 8:15 p.m. | 1 hour, 16 minutes ago
Description : Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings. In the threat model where administrators are trusted but regular users are not, this vulnerability represents a significant security risk when transcoding is enabled. Version 0.56.0 patches the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48948
Published : May 30, 2025, 8:15 p.m. | 1 hour, 16 minutes ago
Description : Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings. In the threat model where administrators are trusted but regular users are not, this vulnerability represents a significant security risk when transcoding is enabled. Version 0.56.0 patches the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48949 - Navidrome SQL Injection Vulnerability
CVE ID : CVE-2025-48949
Published : May 30, 2025, 8:15 p.m. | 1 hour, 16 minutes ago
Description : Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to improper input validation on the `role` parameter within the API endpoint `/api/artist`. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user information. Version 0.56.0 contains a patch for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48949
Published : May 30, 2025, 8:15 p.m. | 1 hour, 16 minutes ago
Description : Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to improper input validation on the `role` parameter within the API endpoint `/api/artist`. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user information. Version 0.56.0 contains a patch for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5360 - Campcodes Online Hospital Management System SQL Injection Vulnerability
CVE ID : CVE-2025-5360
Published : May 30, 2025, 8:15 p.m. | 1 hour, 16 minutes ago
Description : A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. This vulnerability affects unknown code of the file /book-appointment.php. The manipulation of the argument doctor leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5360
Published : May 30, 2025, 8:15 p.m. | 1 hour, 16 minutes ago
Description : A vulnerability classified as critical was found in Campcodes Online Hospital Management System 1.0. This vulnerability affects unknown code of the file /book-appointment.php. The manipulation of the argument doctor leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5361 - Campcodes Online Hospital Management System SQL Injection Vulnerability
CVE ID : CVE-2025-5361
Published : May 30, 2025, 8:15 p.m. | 1 hour, 16 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Campcodes Online Hospital Management System 1.0. This issue affects some unknown processing of the file /contact.php. The manipulation of the argument fullname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5361
Published : May 30, 2025, 8:15 p.m. | 1 hour, 16 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Campcodes Online Hospital Management System 1.0. This issue affects some unknown processing of the file /contact.php. The manipulation of the argument fullname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5362 - Campcodes Online Hospital Management System SQL Injection Vulnerability
CVE ID : CVE-2025-5362
Published : May 30, 2025, 9:15 p.m. | 17 minutes ago
Description : A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5362
Published : May 30, 2025, 9:15 p.m. | 17 minutes ago
Description : A vulnerability, which was classified as critical, was found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5363 - Campcodes Online Hospital Management System SQL Injection Vulnerability
CVE ID : CVE-2025-5363
Published : May 30, 2025, 9:15 p.m. | 17 minutes ago
Description : A vulnerability has been found in Campcodes Online Hospital Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /doctor/index.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5363
Published : May 30, 2025, 9:15 p.m. | 17 minutes ago
Description : A vulnerability has been found in Campcodes Online Hospital Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /doctor/index.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5364 - Campcodes Online Hospital Management System SQL Injection
CVE ID : CVE-2025-5364
Published : May 30, 2025, 10:15 p.m. | 3 hours, 17 minutes ago
Description : A vulnerability was found in Campcodes Online Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /doctor/add-patient.php. The manipulation of the argument patname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5364
Published : May 30, 2025, 10:15 p.m. | 3 hours, 17 minutes ago
Description : A vulnerability was found in Campcodes Online Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /doctor/add-patient.php. The manipulation of the argument patname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2018-25111 - Django-Helpdesk Sensitive Data Exposure
CVE ID : CVE-2018-25111
Published : May 31, 2025, 1:15 a.m. | 17 minutes ago
Description : django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2018-25111
Published : May 31, 2025, 1:15 a.m. | 17 minutes ago
Description : django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5365 - Campcodes Online Hospital Management System SQL Injection Vulnerability
CVE ID : CVE-2025-5365
Published : May 31, 2025, 1:15 a.m. | 17 minutes ago
Description : A vulnerability was found in Campcodes Online Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5365
Published : May 31, 2025, 1:15 a.m. | 17 minutes ago
Description : A vulnerability was found in Campcodes Online Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5367 - "PHPGurukul Online Shopping Portal SQL Injection Vulnerability"
CVE ID : CVE-2025-5367
Published : May 31, 2025, 2:15 a.m. | 3 hours, 17 minutes ago
Description : A vulnerability was found in PHPGurukul Online Shopping Portal Project 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument Product leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5367
Published : May 31, 2025, 2:15 a.m. | 3 hours, 17 minutes ago
Description : A vulnerability was found in PHPGurukul Online Shopping Portal Project 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument Product leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5016 - Relevanssi WordPress Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-5016
Published : May 31, 2025, 4:15 a.m. | 1 hour, 17 minutes ago
Description : The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Excerpt Highlights in all versions up to, and including, 4.24.5 (Free) and 2.27.6 (Premium) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5016
Published : May 31, 2025, 4:15 a.m. | 1 hour, 17 minutes ago
Description : The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Excerpt Highlights in all versions up to, and including, 4.24.5 (Free) and 2.27.6 (Premium) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5368 - PHPGurukul Daily Expense Tracker System SQL Injection Vulnerability
CVE ID : CVE-2025-5368
Published : May 31, 2025, 4:15 a.m. | 1 hour, 17 minutes ago
Description : A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /expense-yearwise-reports-detailed.php. The manipulation of the argument todate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5368
Published : May 31, 2025, 4:15 a.m. | 1 hour, 17 minutes ago
Description : A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. This issue affects some unknown processing of the file /expense-yearwise-reports-detailed.php. The manipulation of the argument todate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5369 - SourceCodester PHP Display Username After Login SQL Injection Vulnerability
CVE ID : CVE-2025-5369
Published : May 31, 2025, 5:15 a.m. | 17 minutes ago
Description : A vulnerability classified as critical has been found in SourceCodester PHP Display Username After Login 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5369
Published : May 31, 2025, 5:15 a.m. | 17 minutes ago
Description : A vulnerability classified as critical has been found in SourceCodester PHP Display Username After Login 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5370 - PHPGurukul News Portal SQL Injection Vulnerability
CVE ID : CVE-2025-5370
Published : May 31, 2025, 6:15 a.m. | 3 hours, 17 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5370
Published : May 31, 2025, 6:15 a.m. | 3 hours, 17 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4103 - WordPress WP-GeoMeta Privilege Escalation Vulnerability
CVE ID : CVE-2025-4103
Published : May 31, 2025, 7:15 a.m. | 2 hours, 17 minutes ago
Description : The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wp_ajax_wpgm_start_geojson_import() function in versions 0.3.4 to 0.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4103
Published : May 31, 2025, 7:15 a.m. | 2 hours, 17 minutes ago
Description : The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wp_ajax_wpgm_start_geojson_import() function in versions 0.3.4 to 0.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4590 - Daisycon prijsvergelijkers WordPress Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-4590
Published : May 31, 2025, 7:15 a.m. | 2 hours, 17 minutes ago
Description : The Daisycon prijsvergelijkers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'daisycon_uitvaart' shortcode in all versions up to, and including, 4.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4590
Published : May 31, 2025, 7:15 a.m. | 2 hours, 17 minutes ago
Description : The Daisycon prijsvergelijkers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'daisycon_uitvaart' shortcode in all versions up to, and including, 4.8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4595 - FastSpring for WordPress Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-4595
Published : May 31, 2025, 7:15 a.m. | 2 hours, 17 minutes ago
Description : The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fastspring/block-fastspringblocks-complete-product-catalog' block in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on the 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4595
Published : May 31, 2025, 7:15 a.m. | 2 hours, 17 minutes ago
Description : The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fastspring/block-fastspringblocks-complete-product-catalog' block in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on the 'color' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...