CVE-2025-3004
Published 2025-03-31
CVE-2025-3004: A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this vulnerability is an unknown functionality of…
Priority: P4 · 30 · medium · 5.4 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.29% (20.9th percentile)
A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /search. The manipulation of the argument keywords leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| forestblog_project | forestblog | < 2025-03-21 | 2025-03-21 |
| sayski | forestblog | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v4.0 | 5.1 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| vendor_redhat | — | 7.8 | HIGH | — |
GHSA
GHSA-3pmm-gf6j-2r75: A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic
ghsa_unreviewed·2025-03-31
CVE-2025-3004 [MEDIUM] CWE-79 GHSA-3pmm-gf6j-2r75: A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic
Red Hat
kernel: phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode
vendor_redhat·2025-08-16·CVSS 7.8
CVE-2025-38535 [HIGH] CWE-1341 kernel: phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode
In the Linux kernel, the following vulnerability has been resolved:
phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode
When transitioning from USB_ROLE_DEVICE to USB_ROLE_NONE, the code
assumed that the regulator should be disabled. However, if the regulator
is marked as always-on, regulator_is_enabled() continues to return true,
leading to an incorrect attempt to disable a regulator which is not
enabled.
This can result in warnings such as:
[ 250.155624] WARNING: CPU: 1 PID: 7326 at drivers/regulator/core.c:3004
_regulator_disable+0xe4/0x1a0
[ 250.155652] unbalanced disables for VIN_SYS_5V0
To fix this, we move the regulator control logic into
tegra186_xusb_padctl_id_override() function since it'
Red Hat
Sayski ForestBlog search cross site scripting
vendor_redhat·2025-03-31·CVSS 5.1
CVE-2025-3004 [MEDIUM] CWE-79 Sayski ForestBlog search cross site scripting
No detection rules found.
No public exploits indexed.
https://github.com/saysky/ForestBlog/issues/104
https://github.com/saysky/ForestBlog/issues/104#issue-2937118096
https://vuldb.com/?ctiid.302053
https://vuldb.com/?id.302053
https://vuldb.com/?submit.524484
Published: 2025-03-31