Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 485

Warning: Undefined variable $scrape_url_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 525

Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

CVE-2025-5420

A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Upload leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Publication date: Mon, 02 Jun 2025 00:00:00 +0000

Cyber News related to CVE-2025-5420

CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server. It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
5 months ago Cybersecuritynews.com CVE-2024-5594

Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security - In an advisory about the SharePoint security hole, a.k.a. CVE-2025-53770, Microsoft said it is aware of active attacks targeting on-premises SharePoint Server customers and exploiting vulnerabilities that were only partially addressed by the July 8, ...
1 month ago Krebsonsecurity.com CVE-2025-53770

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2025-5420 - A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument ...
3 months ago

CVE-2016-7141 - curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file ...
6 years ago

CVE-2019-5420 - A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails ...
3 years ago

CVE-2014-5420 - CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors. ...
10 years ago

CVE-2006-5420 - Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS responses. Upgrade to 6.2.3 ...
8 years ago

CVE-2013-5420 - The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request. ...
8 years ago

CVE-2017-5420 - A "javascript:" url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly. ...
7 years ago

CVE-2008-5420 - The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files. http://secunia.com/advisories/32801 ...
6 years ago

CVE-2007-5420 - The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's ...
6 years ago

CVE-2001-1037 - Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged. ...
6 years ago

CVE-2001-1038 - Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023. ...
6 years ago

CVE-2002-1597 - Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (halt) via a fragmented packet to the Gigabit interface. ...
6 years ago

CVE-2002-1595 - Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to read configuration files without authorization. ...
6 years ago

CVE-2002-1596 - Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (router crash) via an HTTP request with large headers. ...
6 years ago

CVE-2016-5420 - curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a ...
6 years ago

CVE-2015-5420 - Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880. ...
6 years ago

CVE-2018-10488 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a ...
5 years ago

CVE-2020-5420 - Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the ...
4 years ago

CVE-2018-21054 - An issue was discovered on Samsung mobile devices with M(6.0), N(7.x) and O(8.x) except exynos9610/9820 in all Platforms, M(6.0) except MSM8909 SC77xx/9830 exynos3470/5420, N(7.0) except MSM8939, N(7.1) except MSM8996 SDM6xx/M6737T software. There is ...
2 years ago

CVE-2018-5420 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none ...
55 years ago Tenable.com

CVE-2024-5420 - Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS)..This issue affects utnserver Pro, utnserver ProMAX, INU-100 ...
1 year ago

CVE-2024-36968 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago

CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits - Vulnerabilities in the SIPROTEC 5 series include Cleartext storage of sensitive information (CVE-2024-53651), which has a CVSS v3 base score of 4.6. Mitigation involves firmware updates and restricting network access. This SCADA management software ...
6 months ago Cybersecuritynews.com CVE-2024-53651 CVE-2025-25067 CVE-2025-24865 CVE-2025-22896 CVE-2025-23411 CVE-2023-37482 CVE-2024-54015 CVE-2022-38465 CVE-2025-24811 CVE-2025-20615 CVE-2025-24836 CVE-2025-23421 CVE-2024-53977 CVE-2025-23363 CVE-2025-1283 CVE-2025-23403 CVE-2025-26473 CVE-2025-25281 CVE-2025-24861