vuquyen03

3 exploits Active since Dec 2025
CVE-2025-67288 WRITEUP CRITICAL WRITEUP
Umbraco Cms - Unrestricted File Upload
An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documentation) belongs to the system administrator who is implementing Umbraco CMS in their environment, not to Umbraco CMS itself, a related issue to CVE-2023-49279.
CVSS 10.0
CVE-2025-67290 WRITEUP MEDIUM WRITEUP
Dotnetfoundation Piranha Cms - XSS
A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.
CVSS 6.1
CVE-2025-67291 WRITEUP MEDIUM WRITEUP
Dotnetfoundation Piranha Cms - XSS
A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.
CVSS 6.1