Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/03 7:15 p.m.17 views

CVE-2025-36558

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...

6.1CVSS7AI score0.14477EPSS
Exploits0References1
NVD
NVD
added 2025/05/01 7:15 p.m.13 views

CVE-2025-36558

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...

6.1CVSS0.14477EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/01 6:44 p.m.32 views

CVE-2025-36558 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the ssotoken used for authentication. If an attacker provides the user with a PiCtory URL containing an HTML script as an ssotoken, that script will reply to the user and be executed...

6.1CVSS0.14477EPSS
Exploits0References2
CVE
CVE
added 2025/05/01 6:44 p.m.56 views

CVE-2025-36558

KUNBUS Revolution Pi PiCtory (versions 2.11.1 and earlier) is affected by multiple XSS and auth-related CVEs. The core issue is insufficient input sanitization of the sso_token in PiCtory, enabling reflected XSS via the token and stored XSS via crafted filenames; separate authentication bypass vi...

6.1CVSS6.2AI score0.14477EPSS
Exploits0References2
Rows per page
Query Builder