2 matches found
CVE-2025-29746
CVE-2025-29746 is a cross-site scripting (XSS) vulnerability in Koillection v1.6.10 that enables a remote attacker to escalate privileges through the collection, Wishlist, and album components. The vulnerability is documented across multiple sources (Red Hat, OSV, GitHub advisories, Snyk) with re...
CVE-2025-9747
CVE-2025-9747 affects Koillection versions up to 1.6.18. An unknown function in assets/controllers/csrf_protection_controller.js enables cross-site request forgery. The issue can be exploited remotely, and the exploit has been disclosed publicly. A fix is available in versio...