28 matches found
PT-2026-5548
CVE-2026-25090 - Apache HTTP Server Cross-Site Request Forgery
CVE ID: CVE-2026-25090
Published: Jan. 30, 2026, 5:16 a.m. | 3 hours, 9 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and...
CVE-2024-25090
Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted...
CVE-2020-25090
Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecommerce/publish.php...
CVE-2019-25090
A vulnerability was found in FreePBX arimanager up to 13.0.5.3 and classified as problematic. Affected by this issue is some unknown functionality of the component Views Handler. The manipulation of the argument dataurl leads to cross site scripting. The attack may be launched remotely. Upgrading...
CVE-2025-25090
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dreamstime Dreamstime Stock Photos dreamstime-stock-photos allows Reflected XSS. This issue affects Dreamstime Stock Photos: from n/a through <= 4.1...
CVE-2025-25090 WordPress Dreamstime Stock Photos plugin <= 4.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dreamstime Dreamstime Stock Photos dreamstime-stock-photos allows Reflected XSS. This issue affects Dreamstime Stock Photos: from n/a through <= 4.1...
CVE-2024-25090
| creationtimestamp | type | source |
|---|---|---|
| 2024-07-26 12:09:14+00:00 | seen | https://t.me/cvedetector/1672... |
CVE-2024-25090 Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode
Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted...
CVE-2024-25090
Apache Roller is affected by a cross-site scripting (XSS) vulnerability due to insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description, and blogroll name fields across versions 5.0.0 to 6.1.2. The issue can be exploited by an authenticated user to pe...
CVE-2018-25090
| creationtimestamp | type | source |
|---|---|---|
| 2024-03-13 10:31:16+00:00 | seen | https://t.me/ctinow/206533 |
| 2024-03-13 10:31:18+00:00 | seen | https://t.me/ctinow/206535... |
CVE-2018-25090
CVE-2018-25090 maps to WAGO devices with a cross-site scripting flaw caused by improper neutralization of input during web page generation. An unauthenticated remote attacker can exploit this via network access; user interaction is required and the impact is limited to confidentiality and integri...
CVE-2018-25090 Wago: Improper Neutralization of Input During Web Page Generation in multiple devices
An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation. User interaction is required. This leads to a limited impact of confidentiality and integrity but no impact of availability...
CVE-2023-25090
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25090
Summary (CVE-2023-25090, Milesight UR32L 32.3.0.5): The vtysh_ubus binary on UR32L is affected by multiple buffer-overflow vulnerabilities caused by unsafe sprintf usage in handling interface/ACL data. The flaws occur during operations such as handle_interface_acl and related firewall commands, w...
CVE-2019-25090
| creationtimestamp | type | source |
|---|---|---|
| 2022-12-27 16:22:17+00:00 | seen | https://t.me/cibsecurity/55398... |
CVE-2019-25090
FreePBX arimanager (Views Handler) up to version 13.0.5.3 is affected by a cross‑site scripting vulnerability triggered by manipulating the dataurl argument. The issue can be exploited remotely via the network and may impact confidentiality and integrity (low) with no availability impact. The fix...
CVE-2021-25090
| creationtimestamp | type | source |
|---|---|---|
| 2022-04-11 18:16:08+00:00 | seen | https://t.me/cibsecurity/40470... |
CVE-2022-25090
Summary (CVE-2022-25090): Printix Secure Cloud Print Management (versions 1.3.1106.0 and earlier) creates a temporary file named temp.ini in a directory with insecure permissions, enabling a race-condition-based privilege escalation. The Red Hat advisory and multiple public sources corroborate th...