9 matches found
EUVD-2025-12221
Malicious code in bioql PyPI...
CVE-2025-32960
The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...
CVE-2025-32960
The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...
CVE-2025-32960
The CVE-2025-32960 vulnerability affects the CUBA REST API add-on prior to 7.2.7, where the input parameter (file path and name) can be manipulated to cause the server to return Content-Type: text/html for names ending in .html, enabling execution of malicious JavaScript in the browser after an a...
CVE-2025-32960 CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint
The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...
CVE-2025-32960 CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint
The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...
CVE-2025-32960 CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint
The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...
PT-2025-17576 · Unknown · Cuba Rest Api Add-On
Name of the Vulnerable Software and Affected Versions: CUBA REST API add-on versions prior to 7.2.7 Description: The issue allows malicious JavaScript code to be executed in the browser by manipulating the input parameter, which consists of a file path and name, to return the Content-Type header...
CUBA REST API Add-on 跨站脚本漏洞
CUBA REST API Add-on is a general-purpose REST API open-sourced by CUBA Platform. A cross-site scripting vulnerability exists in CUBA REST API Add-on versions prior to 7.2.7, which stems from improper file path manipulation and could lead to malicious JavaScript execution...