devansh.pal507

5 exploits Active since Aug 2025
CVE-2025-55742 HIGH WRITEUP
UnoPim < 0.2.1 - Stored Cross-Site Scripting via SVG MIME/Sanitizer Bypass
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Before 0.2.1, UnoPim contains a stored cross-site scripting vulnerability via SVG MIME/sanitizer bypass in the /admin/settings/users/create endpoint. This vulnerability is fixed in 0.2.1.
CVSS 8.0
CVE-2025-55741 HIGH WRITEUP
UnoPim < 0.3.1 - Unauthenticated Improper Access Control via Mass-Delete Endpoint
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intended access controls by issuing requests to the mass-delete endpoint, allowing them to delete products without proper authorization. This vulnerability allows unauthorized product deletion, leading to potential data loss and business disruption. The issue is fixed in version 0.3.1. No known workarounds exist.
CVSS 8.1
CVE-2025-55745 HIGH WRITEUP
UnoPim < 0.3.1 - CSV Injection via Quick Export Feature
UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported CSV files. When the CSV file is opened in spreadsheet applications such as Microsoft Excel, the malicious input may be interpreted as a formula or command, potentially resulting in the execution of arbitrary code on the victim's device. Successful exploitation can lead to remote code execution, including the establishment of a reverse shell. Users are advised to upgrade to version 0.3.1 or later.
CVSS 8.8