Athul S

2 exploits, active since Feb 2025
CVE-2025-25461 NOMISEC MEDIUM WRITEUP
SeedDMS - XSS
A Stored Cross-Site Scripting (XSS) vulnerability exists in SeedDMS 6.0.29. A user or rogue admin with the "Add Category" permission can inject a malicious XSS payload into the category name field. When a document is subsequently associated with this category, the payload is stored on the server and rendered without proper sanitization or output encoding. This results in the XSS payload executing in the browser of any user who views the document.
2 stars
CVSS 5.4
CVE-2025-25460 NOMISEC MEDIUM WRITEUP
FlatPress - XSS
A stored Cross-Site Scripting (XSS) vulnerability was identified in FlatPress 1.3.1 within the "Add Entry" feature. This vulnerability allows authenticated attackers to inject malicious JavaScript payloads into blog posts, which are executed when other users view the posts. The issue arises due to improper input sanitization of the "TextArea" field in the blog entry submission form.
1 star
CVSS 4.8