
94 matches found

CVE (added 2025/11/08 3:27 a.m., 20 views)

CVE-2025-12064

The CVE-2025-12064 entry concerns the WP2Social Auto Publish WordPress plugin. A Reflected Cross-Site Scripting (XSS) via PostMessage exists in all versions up to and including 2.4.7 due to insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject scripts i...

CVSS 6.1 | AI score 5.3 | EPSS 0.00175
Exploits: 0 | References: 2
Cvelist (added 2025/11/08 3:27 a.m., 7 views)

CVE-2025-12064 WP2Social Auto Publish <= 2.4.7 - Reflected Cross-Site Scripting via PostMessage

The WP2Social Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | EPSS 0.00175
Exploits: 0 | References: 2
Vulnrichment (added 2025/11/08 3:27 a.m., 4 views)

CVE-2025-12064 WP2Social Auto Publish <= 2.4.7 - Reflected Cross-Site Scripting via PostMessage

The WP2Social Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 | AI score 5.2 | EPSS 0.00175
Exploits: 0 | References: 2
Positive Technologies (added 2025/11/08 12:00 a.m., 1 view)

PT-2025-45546

Name of the Vulnerable Software and Affected Versions: WP2Social Auto Publish versions through 2.4.7. Description: The WP2Social Auto Publish plugin for WordPress is susceptible to Reflected Cross-Site Scripting via PostMessage due to inadequate input sanitization and output escaping. This allows...

CVSS 6.1 | AI score 5.9 | EPSS 0.00175
Exploits: 0 | References: 5
Cvelist (added 2025/10/27 7:32 a.m., 8 views)

CVE-2025-12245 chatwoot Widget IFrameHelper.js initPostMessageCommunication origin validation

A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin validation error. Remote exploitation of th...

CVSS 6.9 | EPSS 0.00268
Exploits: 1 | References: 4
Vulnrichment (added 2025/10/27 7:32 a.m., 3 views)

CVE-2025-12245 chatwoot Widget IFrameHelper.js initPostMessageCommunication origin validation

A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin validation error. Remote exploitation of th...

CVSS 6.9 | AI score 6.3 | EPSS 0.00268
Exploits: 1 | References: 4
CVE (added 2025/10/27 7:32 a.m., 15 views)

CVE-2025-12245

Chatwoot before 4.7.0 is affected by a vulnerability in the Widget component, specifically the initPostMessageCommunication function in app/javascript/sdk/IFrameHelper.js, where manipulating the baseUrl argument triggers an origin validation error. The issue allows remote exploitation and has bee...

CVSS 6.9 | AI score 6.3 | EPSS 0.00268
Exploits: 1 | References: 4 | Affected Software: 1
EUVD (added 2025/10/03 8:07 p.m., 3 views)

EUVD-2025-25428

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00223
Exploits: 1 | References: 1
EUVD (added 2025/10/03 8:07 p.m., 4 views)

EUVD-2025-31347

Malicious code in bioql PyPI...

CVSS 8.2 | AI score 6.3 | EPSS 0.00149
Exploits: 0 | References: 3
OSV (added 2025/09/26 10:38 p.m., 5 views)

CVE-2025-59845 Apollo Embedded Sandbox and Explorer vulnerable to CSRF via window.postMessage origin-validation bypass

Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery CSRF vulnerability was identified. The vulnerability arises from missing orig...

CVSS 8.2 | AI score 7.1 | EPSS 0.00149
Exploits: 0 | References: 3
CVE (added 2025/09/26 10:38 p.m., 17 views)

CVE-2025-59845

CVE-2025-59845 covers a CSRF flaw in Apollo Studio Embeddable Sandbox and Embeddable Explorer caused by missing origin validation in window.postMessage handling. The issue affects embedded Sandbox/Explorer prior to versions 2.7.2 and 3.7.3, allowing a malicious site to forge messages that trigger...

CVSS 8.2 | AI score 7 | EPSS 0.00149
Exploits: 0 | References: 1
Snyk (added 2025/09/26 3:00 p.m., 2 views)

Cross-site Request Forgery (CSRF)

Overview: @apollo/sandbox is the package whose repo hosts the source for Apollo Studio's Embeddable Sandbox. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) via missing origin validation in the window.postMessage process. An attacker can execute unauthorized GraphQL queries...

CVSS 8.2 | AI score 7 | EPSS 0.00149
Exploits: 0 | References: 3
CNNVD (added 2025/09/26 12:00 a.m., 2 views)

Apollo Studio Embeddable Explorer & Embeddable Sandbox Cross-Site Request Forgery Vulnerability

Apollo Studio Embeddable Explorer & Embeddable Sandbox is an open source vectorization tool for Apollo GraphQL. A cross-site request forgery vulnerability exists in Apollo Studio Embeddable Explorer & Embeddable Sandbox, which stems from a lack of source validation when client code handles the...

CVSS 8.2 | AI score 6.6 | EPSS 0.00149
Exploits: 0 | References: 2
Positive Technologies (added 2025/09/26 12:00 a.m., 5 views)

PT-2025-39694

Name of the Vulnerable Software and Affected Versions: Apollo Studio Embeddable Explorer versions prior to 3.7.3; Apollo Studio Embeddable Sandbox versions prior to 2.7.2. Description: A cross-site request forgery (CSRF) issue was identified in Apollo Studio Embeddable Explorer and Embeddable Sandbox...

CVSS 8.2 | AI score 7 | EPSS 0.00149
Exploits: 0 | References: 8
Microsoft CVE (added 2025/09/03 11:54 p.m., 4 views)

Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allows attackers to perform cross-site scripting attacks.

...

CVSS 6.1 | AI score 7 | EPSS 0.01197
Exploits: 1
RedhatCVE (added 2025/06/23 8:41 a.m., 3 views)

CVE-2025-6401

A vulnerability was found in TOTOLINK N300RH 6.1c.1390B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message Handler. The manipulation of the argument url leads to denial of service. The exploit has been...

CVSS 5.1 | AI score 7.1 | EPSS 0.00441
Exploits: 1 | References: 1
Cvelist (added 2025/06/21 6:31 a.m., 8 views)

CVE-2025-6401 TOTOLINK N300RH HTTP POST Message formFilter denial of service

A vulnerability was found in TOTOLINK N300RH 6.1c.1390B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message Handler. The manipulation of the argument url leads to denial of service. The exploit has been...

CVSS 5.1 | EPSS 0.00441
Exploits: 1 | References: 6
CVE (added 2025/06/21 6:31 a.m., 20 views)

CVE-2025-6401

CVE-2025-6401 affects TOTOLINK N300RH (version 6.1c.1390 B20191101). The issue resides in the HTTP POST Message Handler, specifically the file /boafrm/formFilter, where manipulation of the url parameter leads to a denial of service. Exploitation has been disclosed publicly per multiple sources. P...

CVSS 5.1 | AI score 4 | EPSS 0.00441
Exploits: 1 | References: 6 | Affected Software: 1
Vulnrichment (added 2025/06/21 6:31 a.m., 3 views)

CVE-2025-6401 TOTOLINK N300RH HTTP POST Message formFilter denial of service

A vulnerability was found in TOTOLINK N300RH 6.1c.1390B20191101. It has been classified as problematic. This affects an unknown part of the file /boafrm/formFilter of the component HTTP POST Message Handler. The manipulation of the argument url leads to denial of service. The exploit has been...

CVSS 5.1 | AI score 7 | EPSS 0.00441
Exploits: 1 | References: 6
Cvelist (added 2025/06/21 5:31 a.m., 10 views)

CVE-2025-6400 TOTOLINK N300RH HTTP POST Message formPortFw buffer overflow

A vulnerability was found in TOTOLINK N300RH 6.1c.1390B20191101 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formPortFw of the component HTTP POST Message Handler. The manipulation of the argument servicetype leads to buffer overflow. The...

CVSS 9 | EPSS 0.00761
Exploits: 1 | References: 6