Lucene search
K

32 matches found

RedhatCVE
RedhatCVE
added 2025/10/28 12:28 a.m.13 views

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

6.1CVSS6.7AI score0.00184EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/28 12:27 a.m.13 views

CVE-2025-54969

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker who social engineers a valid user into clicking a malicious link or visiting a malicious website may be able to submit requests to the Job Status Service...

6.1CVSS6.8AI score0.00129EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/28 12:27 a.m.10 views

CVE-2025-54970

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner...

6.5CVSS6.4AI score0.0023EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/27 6:31 p.m.4 views

EUVD-2025-36228

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

6.1CVSS6.2AI score0.00184EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/27 6:31 p.m.4 views

EUVD-2025-36206

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker who social engineers a valid user into clicking a malicious link or visiting a malicious website may be able to submit requests to the Job Status Service...

6.1CVSS6.3AI score0.00129EPSS
Exploits0References3
OSV
OSV
added 2025/10/27 6:15 p.m.4 views

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

6.1CVSS6AI score0.00184EPSS
Exploits0References2
NVD
NVD
added 2025/10/27 6:15 p.m.5 views

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

6.1CVSS0.00184EPSS
Exploits0References2
OSV
OSV
added 2025/10/27 5:15 p.m.5 views

CVE-2025-54969

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker who social engineers a valid user into clicking a malicious link or visiting a malicious website may be able to submit requests to the Job Status Service...

6.1CVSS5.8AI score0.00129EPSS
Exploits0References2
OSV
OSV
added 2025/10/27 5:15 p.m.6 views

CVE-2025-54970

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner...

6.5CVSS5.9AI score0.0023EPSS
Exploits0References2
NVD
NVD
added 2025/10/27 5:15 p.m.5 views

CVE-2025-54969

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker who social engineers a valid user into clicking a malicious link or visiting a malicious website may be able to submit requests to the Job Status Service...

6.1CVSS0.00129EPSS
Exploits0References2
NVD
NVD
added 2025/10/27 5:15 p.m.9 views

CVE-2025-54970

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner...

6.5CVSS0.0023EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/27 12:0 a.m.2 views

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

6.4AI score0.00184EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.7 views

PT-2025-43993

Name of the Vulnerable Software and Affected Versions BAE SOCET GXP versions prior to 4.6.0.2 Description An XSS issue exists in the SOCET GXP Job Status Service. The service does not properly sanitize the job ID parameter before using it in the job status page. An attacker may be able to execute...

6.1CVSS6.4AI score0.00184EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.5 views

BAE Systems SOCET GXP 安全漏洞

BAE Systems SOCET GXP is a high-end geographic information image analysis and mapping software from BAE Systems. A security vulnerability exists in BAE Systems SOCET GXP prior to version 4.6.0.2, which originates from an unauthenticated request from the SOCET GXP Job Status Service, and could cau...

6.5CVSS6.4AI score0.0023EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/27 12:0 a.m.10 views

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

0.00184EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/27 12:0 a.m.13 views

CVE-2025-54969

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker who social engineers a valid user into clicking a malicious link or visiting a malicious website may be able to submit requests to the Job Status Service...

0.00129EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/27 12:0 a.m.4 views

CVE-2025-54969

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker who social engineers a valid user into clicking a malicious link or visiting a malicious website may be able to submit requests to the Job Status Service...

6.5AI score0.00129EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/27 12:0 a.m.7 views

EUVD-2025-36207

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner...

5.9AI score0.0023EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/27 12:0 a.m.4 views

CVE-2025-54970

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to authenticate requests. In some configurations, this may allow remote or local users to abort jobs or read information without the permissions of the job owner...

6.1AI score0.0023EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.6 views

PT-2025-43989

Name of the Vulnerable Software and Affected Versions BAE SOCET GXP versions prior to 4.6.0.2 Description The SOCET GXP Job Status Service lacks Cross-Site Request Forgery CSRF protections. An attacker could potentially trick a legitimate user into unknowingly submitting requests to the Job Statu...

6.1CVSS6.5AI score0.00129EPSS
Exploits0References4
Rows per page
Query Builder