2 matches found
CVE-2025-29772
CVE-2025-29772 describes a reflected XSS vulnerability in OpenEMR, specifically involving the POST parameter hidden_subcategory that is echoed to CAMOS/new.php without proper sanitization. This affects OpenEMR prior to version 7.0.3 (fixed in 7.0.3). The vulnerability could allow an attacker to i...
PT-2016-7839 · Mapserver · Mapserver
Name of the Vulnerable Software and Affected Versions: MapServer versions prior to 7.0.3
Description: The issue is related to the OGR driver in MapServer, where error messages are too verbose. This verbosity may lead to the leakage of sensitive information if a data connection fails...