PT-2025-16961 · Unknown · Codeastro Internet Banking System
Name of the Vulnerable Software and Affected Versions: Code Astro Internet Banking System version 2.0.0 Description: The issue concerns Cross Site Scripting (XSS) via the name parameter in the "/admin/pages_account.php" API endpoint. This allows for potential malicious script injection. No...
CVE-2025-29015
Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php...
CVE-2025-29015
CVE-2025-29015 affects Code Astro Internet Banking System 2.0.0. The vulnerability is a Cross Site Scripting (XSS) flaw that can be triggered via the name parameter in /admin/pages_account.php, allowing script injection. The issue is documented with CVSS v3.1 base metrics: AV:N/AC:L/PR:N/UI:R/S:...
CVE-2025-29017
A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter within pages_view_client.php...
CVE-2025-29018
A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0...
PT-2025-15988 · Unknown · Codeastro Internet Banking System
Name of the Vulnerable Software and Affected Versions: Code Astro Internet Banking System version 2.0.0 Description: A Remote Code Execution (RCE) vulnerability exists due to improper file upload validation in the profile_pic parameter within pages_view_client.php. Recommendations: Code Astro...
CVE-2025-29017
Code Astro Internet Banking System 2.0.0 is reported vulnerable via the profile_pic parameter in pages_view_client.php due to improper file upload validation, allowing an attacker to upload a malicious PHP file and achieve Remote Code Execution (RCE). The linked exploit/documentation describes by...
PT-2025-15868 · Unknown · Codeastro Internet Banking System
Name of the Vulnerable Software and Affected Versions: Code Astro Internet Banking System version 2.0.0 Description: A Stored Cross-Site Scripting (XSS) issue exists in the name parameter of pages_add_acc_type.php in the Code Astro Internet Banking System. This allows for malicious script execution...
CVE-2025-29018
CVE-2025-29018 affects Code Astro Internet Banking System 2.0.0. The vulnerability is a Stored Cross-Site Scripting (XSS) in the name parameter of pages_add_acc_type.php. Core details: vulnerable component is the PHP page handler and the issue arises from unsanitized/reflective input in the name ...
@andrewzagorski/admin (>=4.25.19-patch.2 <=4.25.19-patch.3), @andrewzagorski/pack-up (=4.23.1-prerelease.2) +21 more potentially affected by CVE-2025-31125 via vite (>=6.0.0 <=6.0.11)
vite NPM version =6.0.0, =4.25.19-patch.2, =19.1.5, =5.0.0-alpha.37, =2.11.0, =2.11.0, =11.23.0, =0.0.0-experimental-13bd4c2-20250203-4e3af844, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =1.0.6, =1.0.7 - @tuax/plugin-vite6...
@andrewzagorski/admin (>=4.25.19-patch.2 <=4.25.19-patch.3), @andrewzagorski/pack-up (=4.23.1-prerelease.2) +21 more potentially affected by CVE-2025-30208 via vite (>=6.0.0 <=6.0.11)
vite NPM version =6.0.0, =4.25.19-patch.2, =19.1.5, =5.0.0-alpha.37, =2.11.0, =2.11.0, =11.23.0, =0.0.0-experimental-13bd4c2-20250203-4e3af844, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =0.0.0-snapshot-1d99fea7d2ce2c7a5d9ed0a3752f8a7bda6bc3db, =1.0.6, =1.0.7 - @tuax/plugin-vite6...
Malicious code in storyblok-rich-text-astro-renderer-workspace (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ca413e5e4f59154a8de4096af868e37c16b2b9df85e5e20a341283c83e7b1db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...