4 matches found
CVE-2025-3790
CVE-2025-3790 affects baseweb JSite 1.0, impacting the /druid/index.html file of the Apache Druid Monitoring Console. Root cause: improper access controls that permit a remote attack. Public exploit details exist. All connected sources corroborate a lack of published fix/version update in the pro...
CVE-2025-3970
The CVE concerns baseweb JSite (versions up to 1.0). A cross-site scripting vulnerability is triggered by manipulating the Remarks argument in the /sys/office/save function. It is exploitable remotely, and multiple sources note that the exploit has been disclosed publicly. Practical impact is lim...
CVE-2025-3788
CVE-2025-3788 affects baseweb JSite 1.0. The vulnerability is in the file /a/sys/user/save where manipulating the Name parameter leads to cross-site scripting; the attack can be launched remotely and exploit details have been publicly disclosed. Multiple connected sources corroborate the presence...
CVE-2025-3789
CVE-2025-3789 affects baseweb JSite 1.0. The vulnerability is in the file /a/sys/area/save where manipulation of the Name parameter enables cross-site scripting. Exploitation is possible remotely, and public disclosure is noted. Connected sources consistently identify the affected component and a...