5 matches found
CVE-2025-43924
Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController for /fp/admin/settings/loginpage and the rootserviceurl parameter in FriendsController for /fp/admin/settings/friends, entered by an admin, allow stored XSS...
CVE-2025-43924
creationtimestamp| type| source ---|---|--- 2025-06-03 15:49:40+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqpndniq7pj2...
CVE-2025-43924
Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController for /fp/admin/settings/loginpage and the rootserviceurl parameter in FriendsController for /fp/admin/settings/friends, entered by an admin, allow stored XSS...
CVE-2025-43924
Cross Site Scripting vulnerability was discovered in Unicom Focal Point 7.6.1. The val parameter in SettingController for /fp/admin/settings/loginpage and the rootserviceurl parameter in FriendsController for /fp/admin/settings/friends, entered by an admin, allow stored XSS...
CVE-2025-43924
CVE-2025-43924 affects Unicom Focal Point 7.6.1. The stored XSS vulnerability arises from unsanitized input in two admin endpoints: val in SettingController (/fp/admin/settings/loginpage) and rootserviceurl in FriendsController (/fp/admin/settings/friends). Exploitation premise: an admin-entered ...