CVE-2025-27444 – RSform!Pro Joomla Reflected Cross-Site Scripting (XSS)

June 4, 2025

CVE ID : CVE-2025-27444

Published : June 4, 2025, 8:15 a.m. | 3 hours, 19 minutes ago

Description : A reflected XSS vulnerability in RSform!Pro component 3.0.0 – 3.3.13 for Joomla was discovered. The issue arises from the improper handling of the filter[dateFrom] GET parameter, which is reflected unescaped in the administrative backend interface. This allows an authenticated attacker with admin or editor privileges to inject arbitrary JavaScript code by crafting a malicious URL.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-13967 – EIBPORT Web Server Configuration Page Authentication Bypass

Next Article Asus adviseert fabrieksreset voor verwijderen van SSH-backdoor

Highlights

CVE-2025-49838 – GPT-SoVITS-WebUI Deserialize Vulnerability

July 16, 2025

CVE ID : CVE-2025-49838

Published : July 15, 2025, 9:15 p.m. | 5 hours, 38 minutes ago

Description : GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability in vr.py AudioPreDeEcho. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function. In uvr, a new instance of AudioPreDeEcho class is created with the model_path attribute containing the aforementioned user input (here called locally model_name). Note that in this step the .pth extension is added to the path. In the AudioPreDeEcho class, the user input, here called model_path, is used to load the model on that path with torch.load, which can lead to unsafe deserialization. At time of publication, no known patched versions are available.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-27444 – RSform!Pro Joomla Reflected Cross-Site Scripting (XSS)

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

Supplier order management: How a furniture retailer automated order confirmation processing

Last Week in AI #302 – QwQ 32B, OpenAI injunction refused, Alexa Plus

DeepMind’s latest research at ICLR 2023

KDE Continue Work on Slick New ‘First Run’ Setup Tool

CVE-2025-49838 – GPT-SoVITS-WebUI Deserialize Vulnerability

CVE-2025-40665 – TCMAN GIM Blind SQL Injection

What is NewSQL? Bridging SQL and NoSQL

Automotive App Development Company: Choose the Right Tech Partner

CVE-2025-27444 – RSform!Pro Joomla Reflected Cross-Site Scripting (XSS)

Related Posts