5 matches found
CVE-2025-45236
A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...
CVE-2025-45237
Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password...
CVE-2025-45237
CVE-2025-45237 concerns DBSyncer v2.0.6 with an incorrect access control in the /config/download component. The issue could allow unauthenticated access to a JSON file that contains sensitive account information, including encrypted passwords. Impact is stated in sources as high confidentiality r...
CVE-2025-45236
A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...
CVE-2025-45236
A stored cross-site scripting XSS vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter...