https://martinkubecka.sk/security-advisories/ Recent content in Security Advisories on Martin Kubečka https://martinkubecka.sk/images/avatar_transparent.png https://martinkubecka.sk/images/avatar_transparent.png Hugo -- gohugo.io Tue, 01 Jul 2025 00:00:00 +0000 https://martinkubecka.sk/security-advisories/cve-2025-56683/ Tue, 01 Jul 2025 00:00:00 +0000 https://martinkubecka.sk/security-advisories/cve-2025-56683/ A DOM-based XSS vulnerability in Logseq version 0.10.9 allows Remote Code Execution by injecting malicious JavaScript through unsanitized plugin README content combined with insufficient protocol validation. https://martinkubecka.sk/security-advisories/cve-2023-47622/ Mon, 15 Apr 2024 00:00:00 +0000 https://martinkubecka.sk/security-advisories/cve-2023-47622/ Reflected XSS vulnerability in multiple query parameters of Combodo iTop’s render endpoint allows JavaScript injection and execution. https://martinkubecka.sk/security-advisories/cve-2021-41433/ Wed, 22 Jun 2022 00:00:01 +0000 https://martinkubecka.sk/security-advisories/cve-2021-41433/ SQL injection vulnerability in EGavilan Media's Resumes Management and Job application allows unauthenticated attackers to bypass login authentication. https://martinkubecka.sk/security-advisories/cve-2021-41432/ Wed, 22 Jun 2022 00:00:00 +0000 https://martinkubecka.sk/security-advisories/cve-2021-41432/ Stored XSS vulnerability in FlatPress 1.2.1 allows arbitrary JavaScript execution via crafted post content. https://martinkubecka.sk/security-advisories/cve-2021-41434/ Wed, 22 Jun 2022 00:00:00 +0000 https://martinkubecka.sk/security-advisories/cve-2021-41434/ Stored XSS vulnerability in Expense Management System 1.0 allows arbitrary JavaScript execution via expense description input. https://martinkubecka.sk/security-advisories/cve-2021-37413/ Thu, 01 Jul 2021 00:00:00 +0000 https://martinkubecka.sk/security-advisories/cve-2021-37413/ Unauthenticated SQL injection vulnerability in GRANDCOM CMS allows login bypass via crafted username.