CVE-2025-59904
- EPSS 0.03%
- Veröffentlicht 16.02.2026 10:16:07
- Zuletzt bearbeitet 09.03.2026 20:44:29
Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, which is triggered through multiple parameters in the '/kForms/app' endpoint. This issue allows malicious scripts to be injected and executed persistently in the context of users accessing ...
CVE-2025-59903
- EPSS 0.03%
- Veröffentlicht 16.02.2026 10:16:06
- Zuletzt bearbeitet 09.03.2026 20:01:14
Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content, which are then stored on the server and executed i...
CVE-2025-59905
- EPSS 0.03%
- Veröffentlicht 16.02.2026 09:49:45
- Zuletzt bearbeitet 09.03.2026 20:44:34
Cross-Site Scripting (XSS) vulnerability reflected in Kubysoft, which occurs through multiple parameters within the endpoint ‘/node/kudaby/nodeFN/procedure’. This flaw allows the injection of arbitrary client-side scripts, which are immediately refle...