CVE-2025-56683: DOM-based Cross-Site Scripting Leading to Remote Code Execution in Logseq Application

A DOM-based XSS vulnerability in Logseq version 0.10.9 allows Remote Code Execution by injecting malicious JavaScript through unsanitized plugin README content combined with insufficient protocol validation.
July 1, 2025 · 7 min · 1288 words · Martin Kubečka

CVE-2023-47622: Multiple Reflected Cross-Site Scripting Vulnerabilities in IT Service Management Platform iTop

Reflected XSS vulnerability in multiple query parameters of Combodo iTop’s render endpoint allows JavaScript injection and execution.
April 15, 2024 · 2 min · 301 words · Martin Kubečka

CVE-2021-41433: Authentication Bypass in Resumes Management by EGavilan Media

SQL injection vulnerability in EGavilan Media's Resumes Management and Job application allows unauthenticated attackers to bypass login authentication.
June 22, 2022 · 1 min · 186 words · Martin Kubečka

CVE-2021-41432: Stored Cross-Site Scripting Vulnerability in the Blog Content in FlatPress

Stored XSS vulnerability in FlatPress 1.2.1 allows arbitrary JavaScript execution via crafted post content.
June 22, 2022 · 2 min · 218 words · Martin Kubečka

CVE-2021-41434: Stored Cross-Site Scripting Vulnerability in Expense Management System by EGavilan Media

Stored XSS vulnerability in Expense Management System 1.0 allows arbitrary JavaScript execution via expense description input.
June 22, 2022 · 1 min · 193 words · Martin Kubečka

CVE-2021-37413: Authentication Bypass in Content Management System Provided by GRANDCOM, s.r.o.

Unauthenticated SQL injection vulnerability in GRANDCOM CMS allows login bypass via crafted username.
July 1, 2021 · 1 min · 193 words · Martin Kubečka