32 matches found
📄 RomM Cross Site Scripting / File Upload
RomM versions prior to 4.4.1 chained vulnerabilities exploit that leverages file upload to achieve cross site scripting that then leverages csrf token reuse to change a user's password. Exploit Title: RomM Application tab or Storage on Firefox Cookies - Copy the rommcsrftoken cookie value 3...
RomM 4.4.0 - XSS_CSRF Chain
Exploit Title: RomM Application tab or Storage on Firefox Cookies - Copy the rommcsrftoken cookie value 3. Replace below with your token 4. Replace with the target RomM instance URL e.g., http://romm.local 5. Save this file as avatar.html 6. Upload it as your profile avatar...
CVE-2025-65027
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. RomM contains multiple unrestricted file upload vulnerabilities that allow authenticated users to upload malicious SVG or HTML files. When these files are accessed the...
CVE-2025-65096
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read private collections / smart collections belonging to other users by directly accessing their IDs via API. No ownership...
CVE-2025-65027
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. RomM contains multiple unrestricted file upload vulnerabilities that allow authenticated users to upload malicious SVG or HTML files. When these files are accessed the...
EUVD-2025-201129
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an Authenticated User can delete collections belonging to other users by directly sending a DELETE request to the collection endpoint. No...
CVE-2025-65096 RomM Insecure Direct Object Reference (IDOR) Allows Unauthorized Access to Private Collections
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read private collections / smart collections belonging to other users by directly accessing their IDs via API. No ownership...
CVE-2025-65096
RomM (ROM Manager) prior to versions 4.4.1 and 4.4.1-beta.2 is vulnerable to Insecure Direct Object Reference (IDOR): an API access flaw that allows reading private or smart collections belonging to other users by directly supplying collection IDs, due to missing ownership verification/public/pri...
CVE-2025-65096 RomM Insecure Direct Object Reference (IDOR) Allows Unauthorized Access to Private Collections
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read private collections / smart collections belonging to other users by directly accessing their IDs via API. No ownership...
CVE-2025-65027 RomM Chained XSS and CSRF Vulnerabilities Enable Admin Account Takeover
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. RomM contains multiple unrestricted file upload vulnerabilities that allow authenticated users to upload malicious SVG or HTML files. When these files are accessed the...
EUVD-2025-201131
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. RomM contains multiple unrestricted file upload vulnerabilities that allow authenticated users to upload malicious SVG or HTML files. When these files are accessed the...
CVE-2025-65027 RomM Chained XSS and CSRF Vulnerabilities Enable Admin Account Takeover
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. RomM contains multiple unrestricted file upload vulnerabilities that allow authenticated users to upload malicious SVG or HTML files. When these files are accessed the...
CVE-2025-65027
RomM (ROM Manager) is affected by multiple unrestricted file upload flaws that allow authenticated users to upload malicious SVG/HTML files. When accessed, the embedded JavaScript enables stored XSS, and, due to a CSRF misconfiguration, can lead to full administrative account takeover (rogue admi...
Romm 代码问题漏洞
Romm is a beautiful, powerful, self-hostable ROM manager and player open-sourced by The RomM Project. A code issue vulnerability exists in Romm versions prior to 4.4.1 and prior to 4.4.1-beta.2 that stems from the presence of multiple unrestricted file uploads, which could lead to stored cross-si...
Romm 安全漏洞
Romm is a beautiful, powerful, self-hostable ROM manager and player open-sourced by The RomM Project. A security vulnerability exists in Romm versions prior to 4.4.1 and prior to 4.4.1-beta.2, which stems from a lack of ownership validation and could lead to reading other users' private collectio...
Romm 安全漏洞
Romm is a beautiful, powerful, self-hostable ROM manager and player open-sourced by The RomM Project. A security vulnerability exists in Romm versions prior to 4.4.1 and prior to 4.4.1-beta.2, which stems from a lack of ownership validation and could lead to the deletion of other users' collectio...
PT-2025-47564
Name of the Vulnerable Software and Affected Versions RomM versions prior to 4.4.1 RomM version 4.4.1-beta.2 Description RomM ROM Manager enables users to manage their game collections through a user interface. A flaw exists where users can access private or smart collections belonging to other...
PT-2025-47565
Name of the Vulnerable Software and Affected Versions RomM versions prior to 4.4.1 RomM version 4.4.1-beta.2 Description RomM ROM Manager is a tool that allows users to manage their game collections. An authenticated user can delete collections belonging to other users by sending a DELETE request...
CVE-2025-54071
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file write vulnerability exists in the /api/saves endpoint. This can lead to Remote Code Execution on the...
CVE-2025-54071
RomM ROM Manager allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary file write vulnerability exists in the /api/saves endpoint. This can lead to Remote Code Execution on the...