CyberSecurityBoard
Sponsor Register Login

CVE-2025-4323

A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Affected by this issue is some unknown functionality of the component Edit Article Page. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Publication date: Tue, 06 May 2025 05:00:00 +0000


Cyber News related to CVE-2025-4323

CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server.  It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
1 month ago Cybersecuritynews.com CVE-2024-5594
CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits - Vulnerabilities in the SIPROTEC 5 series include Cleartext storage of sensitive information (CVE-2024-53651), which has a CVSS v3 base score of 4.6. Mitigation involves firmware updates and restricting network access. This SCADA management software ...
2 months ago Cybersecuritynews.com CVE-2024-53651 CVE-2025-25067 CVE-2025-24865 CVE-2025-22896 CVE-2025-23411 CVE-2023-37482 CVE-2024-54015 CVE-2022-38465 CVE-2025-24811 CVE-2025-20615 CVE-2025-24836 CVE-2025-23421 CVE-2024-53977 CVE-2025-23363 CVE-2025-1283 CVE-2025-23403 CVE-2025-26473 CVE-2025-25281 CVE-2025-24861
Apple backports zero-day patches to older iPhones and Macs - Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems. Specifically, the latest update for iOS 18.4 and iPadOS 18.4 fixes 77 ...
1 month ago Bleepingcomputer.com CVE-2025-30456
CVE-2025-4323 - A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Affected by this issue is some unknown functionality of the component Edit Article Page. The manipulation of the argument Title leads to cross site scripting. The ...
10 hours ago
CVE-2011-4323 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-2726. Reason: This candidate is a duplicate of CVE-2011-2726. Notes: All CVE users should reference CVE-2011-2726 instead of this candidate. All references and descriptions in ...
55 years ago Tenable.com
CVE-2009-4323 - The installation for Zen Cart stores sensitive information and insecure programs under the (1) docs, (2) extras, and (3) zc_install folders, and (4) install.txt, which allows remote attackers to obtain sensitive information, delete the database, and ...
15 years ago
CVE-2007-5715 - DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login ...
16 years ago
CVE-2007-4323 - DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in ...
7 years ago
CVE-2016-4323 - A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can ...
8 years ago
CVE-2005-4323 - Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to cause a denial ...
7 years ago
CVE-2015-4323 - Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 7.3(0)ZN(0.9); Nexus 3000 devices 6.0(2)U5(1.41), 7.0(3)I2(0.373), and 7.3(0)ZN(0.83); Nexus 4000 devices 4.1(2)E1(1b); Nexus 7000 devices 6.2(14)S1; Nexus 9000 devices ...
7 years ago
CVE-2008-4323 - Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file. ...
7 years ago
CVE-2010-4323 - Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks Configuration Manager (ZCM) 10.3.1, 10.3.2, and 11.0, and earlier versions, allows remote attackers to execute arbitrary code via a long TFTP request. ...
6 years ago
CVE-2006-4323 - SQL injection vulnerability in list.php in CityForFree indexcity 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. ...
6 years ago
CVE-2018-4323 - Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. ...
6 years ago
CVE-2020-4323 - IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ...
4 years ago
CVE-2019-4323 - "HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame." ...
4 years ago
CVE-2014-4323 - The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and ...
4 years ago
CVE-2022-4323 - The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present ...
2 years ago
CVE-2021-4323 - Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome Extension. (Chromium security ...
1 year ago
CVE-2023-4323 - Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup ...
1 year ago
CVE-2013-4323 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none ...
55 years ago Tenable.com
CVE-2017-4323 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com
CVE-2024-4323 - A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution. ...
11 months ago
CISA Warns of Windows NTFS Vulnerability Actively Exploited to Access Sensitive Data - In an era where file system vulnerabilities comprise 23% of KEV entries, the March 2025 advisories serve as a stark reminder: patch, segment, and verify—before attackers exploit the gaps. These flaws CVE-2025-24984, CVE-2025-24991, CVE-2025-24993, ...
1 month ago Cybersecuritynews.com CVE-2025-24984

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)