2 matches found
CVE-2025-55040
The CVE-2025-55040 issue affects MuraCMS 10.1.10 and earlier, due to a CSRF token validation flaw in the cForm.importform function. This allows an authenticated admin visiting a crafted page to upload and install attacker-controlled form definitions via a forged ZIP file, potentially creating dat...
Remote code execution
libxl provides Node bindings for the libxl library for reading and writing excel XLS and XLSX spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an...