PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) stored Cross-Site Scripting (XSS) vulnerability in the topics management module (topics.php). Attackers can inject malicious JavaScript payloads into the Titlefield during topic creation or updates.

CVE-2025-60782 identifies a stored Cross-Site Scripting (XSS) vulnerability in PHP Education Manager version 1.0, specifically within the topics management module (topics.php). The vulnerability arises because the application fails to properly sanitize or encode user input in the Title field during topic creation or updates. This allows an attacker to inject malicious JavaScript payloads that are persistently stored on the server and subsequently executed in the browsers of users who view the affected topic pages. Stored XSS is particularly dangerous because it can lead to session hijacking, credential theft, defacement, or the delivery of further malware without requiring the victim to take any action beyond viewing the compromised content. The vulnerability does not have a CVSS score assigned yet, and no known exploits have been reported in the wild. However, the presence of stored XSS in an educational management system is concerning due to the sensitive nature of the user base, which may include students, educators, and administrators. The lack of patch links suggests that a fix has not yet been publicly released, increasing the risk for organizations still using this software version. Attackers could exploit this vulnerability remotely without authentication if the topic creation or update functionality is accessible to unauthenticated users or with low privilege accounts, which is common in collaborative educational platforms.

CVE Database V5

Detailed information about CVE-2025-60782: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-60782: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-60782: n/a

CVE-2025-54087 is a server-side request forgery
vulnerability in Secure Access prior to version 14.10. Attackers with
administrative privileges can publish a crafted test HTTP request originating
from the Secure Access server. The attack complexity is high, there are no
attack requirements, and user interaction is required. There is no direct
impact to confidentiality, integrity, or availability. There is a low severity
subsequent system impact to integrity.

CVE-2025-54087 is a server-side request forgery (SSRF) vulnerability identified in Absolute Security's Secure Access product, affecting versions prior to 14.10. SSRF vulnerabilities allow an attacker to induce the server-side application to make HTTP requests to an arbitrary domain, potentially leading to unauthorized interactions with internal systems or services. In this case, the vulnerability requires the attacker to have administrative privileges on the Secure Access server, which limits the initial attack surface. The attacker can publish a specially crafted test HTTP request originating from the Secure Access server itself. The attack complexity is rated as high, indicating that exploitation is not straightforward and may require detailed knowledge or specific conditions. Additionally, user interaction is required, which further reduces the likelihood of exploitation. According to the CVSS 4.0 vector (AV:N/AC:H/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N), the vulnerability is network exploitable but requires high attack complexity and administrative privileges, with user interaction needed. The impact on confidentiality, integrity, and availability is minimal, with no direct impact reported. However, there is a low severity subsequent impact on system integrity, which could imply minor unauthorized changes or actions within the system post-exploitation. No known exploits are currently in the wild, and no patches or mitigation links are provided in the data, suggesting that the vendor may have addressed this in version 14.10 or later. Overall, this vulnerability represents a low-severity risk primarily due to the high privileges required, the complexity of exploitation, and the limited impact scope.

Detailed information about CVE-2025-54087: Vulnerability in Absolute Security Secure Access affecting Absolute Security Secure Access. Get real-time updates, te

CVE-2025-54087: Vulnerability in Absolute Security Secure Access - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-54087: Vulnerability in Absolute Security Secure Access

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identified in the /pet/profile_pet.php endpoint, specifically in the id_pet parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue is fixed in version 3.5.0.

CVE-2025-61605 is a critical SQL Injection vulnerability affecting WeGIA, an open-source web management platform tailored for charitable institutions. The vulnerability exists in versions 3.4.12 and earlier, specifically within the /pet/profile_pet.php endpoint, targeting the id_pet parameter. Improper neutralization of special elements in this parameter allows attackers to inject arbitrary SQL commands. This can lead to unauthorized data disclosure, data manipulation, or even complete compromise of the underlying database. The vulnerability impacts confidentiality by exposing sensitive data, integrity by allowing unauthorized modifications, and availability by potentially enabling denial-of-service conditions through crafted queries. The CVSS 4.0 score of 9.4 reflects the high severity, with an attack vector that is network-based, requiring low attack complexity, no user interaction, and only low privileges. The vulnerability affects a critical component of the application that manages pet profiles, which may contain sensitive personal or organizational data. The issue has been addressed in WeGIA version 3.5.0, which includes proper input validation and parameterized queries to prevent injection attacks. No known exploits are currently reported in the wild, but the ease of exploitation and critical impact make this a high-risk vulnerability that requires immediate attention.

Detailed information about CVE-2025-61605: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in LabRedesCefetRJ WeGIA

CVE-2025-61605: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in LabRedesCefetRJ WeGIA - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-61605: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in LabRedesCefetRJ WeGIA

CVE-2025-54089 is a cross-site scripting vulnerability in versions
of secure access prior to 14.10. Attackers with administrative access to the
console can interfere with another administrator’s access to the console. The
attack complexity is low; there are no attack requirements. Privileges required
to execute the attack are high and the victim must actively participate in the
attack sequence. There is no impact to confidentiality or availability, there
is a low impact to integrity.

CVE-2025-54089 is a cross-site scripting (XSS) vulnerability identified in Absolute Security's Secure Access product, affecting versions prior to 14.10. This vulnerability allows an attacker with administrative privileges on the console to execute malicious scripts that can interfere with the session or access of another administrator. The attack complexity is low, meaning it does not require advanced techniques or conditions to be exploited. However, it requires the attacker to have high privileges (administrative access) and the victim administrator must actively participate in the attack sequence, such as interacting with a maliciously crafted interface or payload. The vulnerability does not impact confidentiality or availability, but it has a low impact on integrity, potentially allowing manipulation or interference with administrative sessions or actions. The CVSS 4.0 base score is 4.6, categorized as medium severity, reflecting the limited scope and impact of the vulnerability. No known exploits are currently in the wild, and no patches or mitigations have been explicitly linked in the provided data. The vulnerability is specific to the web console interface of the Secure Access product, which is typically used for managing secure access policies and configurations.

Detailed information about CVE-2025-54089: Vulnerability in Absolute Security Secure Access affecting Absolute Security Secure Access. Get real-time updates, te

CVE-2025-54089: Vulnerability in Absolute Security Secure Access - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-54089: Vulnerability in Absolute Security Secure Access

CVE-2025-54088 is an open-redirect vulnerability in Secure
Access prior to version 14.10. Attackers with access to the console can
redirect victims to an arbitrary URL. The attack complexity is low, attack
requirements are present, no privileges are required, and users must actively
participate in the attack. Impact to confidentiality is low and there is no
impact to integrity or availability. There are high severity impacts to
confidentiality, integrity, availability in subsequent systems.

CVE-2025-54088 is an open-redirect vulnerability identified in Absolute Security's Secure Access product, affecting versions prior to 14.10. This vulnerability allows an attacker with access to the console to redirect users to arbitrary URLs. The attack complexity is low, and no privileges are required to initiate the attack, although user interaction is necessary for exploitation. The vulnerability itself primarily impacts confidentiality to a low degree, with no direct impact on integrity or availability. However, the description notes that subsequent systems could suffer high severity impacts on confidentiality, integrity, and availability if exploited further. The CVSS 4.0 base score is 5.5 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, but requiring user interaction. The scope and impact metrics indicate that the vulnerability affects the security context and integrity of the system indirectly. The vulnerability is not currently known to be exploited in the wild, and no patches or exploit indicators are available at this time. The open-redirect nature means attackers can craft URLs that appear legitimate but redirect victims to malicious sites, potentially facilitating phishing, credential theft, or malware delivery. Given that the attacker needs console access but no privileges, this suggests that the console interface is accessible to users without elevated rights, which could be a design or configuration issue. The vulnerability's impact is primarily as a stepping stone for further attacks rather than a direct critical compromise.

Detailed information about CVE-2025-54088: Vulnerability in Absolute Security Secure Access affecting Absolute Security Secure Access. Get real-time updates, te

CVE-2025-54088: Vulnerability in Absolute Security Secure Access - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-54088: Vulnerability in Absolute Security Secure Access

This content has been identified as promotional or non-threat material.

Detailed information about CVE-2025-10895. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-10895

AI Analysis

Technical Summary

Potential Impact

Mitigation Recommendations

CVE-2025-10895

AI-Powered Analysis

Technical Analysis

Potential Impact

Mitigation Recommendations

Technical Details

Related Threats

CVE-2025-60782: n/a

CVE-2025-54087: Vulnerability in Absolute Security Secure Access

CVE-2025-61605: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in LabRedesCefetRJ WeGIA

CVE-2025-54089: Vulnerability in Absolute Security Secure Access

CVE-2025-54088: Vulnerability in Absolute Security Secure Access

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility