Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/06/05 12:3 a.m.13 views

CVE-2025-43924

Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController for /fp/admin/settings/loginpage and the rootserviceurl parameter in FriendsController for /fp/admin/settings/friends, entered by an admin, allow stored XSS...

6.1CVSS6.3AI score0.00202EPSS
Exploits0References1
Circl
Circl
added 2025/06/03 3:49 p.m.15 views

CVE-2025-43924

creationtimestamp| type| source ---|---|--- 2025-06-03 15:49:40+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqpndniq7pj2...

6.1CVSS7AI score0.00202EPSS
Exploits0References1
NVD
NVD
added 2025/06/03 3:15 p.m.28 views

CVE-2025-43924

Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController for /fp/admin/settings/loginpage and the rootserviceurl parameter in FriendsController for /fp/admin/settings/friends, entered by an admin, allow stored XSS...

6.1CVSS0.00202EPSS
Exploits0References2
OSV
OSV
added 2025/06/03 3:15 p.m.4 views

CVE-2025-43924

Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController for /fp/admin/settings/loginpage and the rootserviceurl parameter in FriendsController for /fp/admin/settings/friends, entered by an admin, allow stored XSS...

6.1CVSS5.8AI score0.00202EPSS
Exploits0References2
CVE
CVE
added 2025/06/03 12:0 a.m.54 views

CVE-2025-43924

CVE-2025-43924 affects Unicom Focal Point 7.6.1. The stored XSS vulnerability arises from unsanitized input in two admin endpoints: val in SettingController (/fp/admin/settings/loginpage) and rootserviceurl in FriendsController (/fp/admin/settings/friends). Exploitation premise: an admin-entered ...

6.1CVSS6.4AI score0.00202EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder