CVE-2025-1484

MEDIUM Year: 2025
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-184
View all →

Vulnerability Description

A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied by the attacker to execute within the user’s browser in the context of that user’s session with the application.

Related Vulnerabilities

CVE-2021-31370

MEDIUM
CVSS:6.5(Medium)

An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker whi...

CWE-1842021

CVE-2023-40037

MEDIUM
CVSS:6.5(Medium)

Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against craf...

CWE-1842023

CVE-2024-20278

MEDIUM
CVSS:6.5(Medium)

A vulnerability in the NETCONF feature of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate privileges to root on an affected device. This vulnerability is due to improper...

CWE-1842024

CVE-2023-45593

MEDIUM
CVSS:6.8(Medium)

A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacke...

CWE-1842023

CVE-2022-38179

MEDIUM
CVSS:6.1(Medium)

JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack

CWE-1842022

CVE-2023-23844

HIGH
CVSS:7.2(High)

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands wi...

CWE-1842023