CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3790 – baseweb JSite Apache Druid Monitoring Console index.html access control
https://notcve.org/view.php?id=CVE-2025-3790
18 Apr 2025 — A vulnerability classified as critical has been found in baseweb JSite 1.0. This affects an unknown part of the file /druid/index.html of the component Apache Druid Monitoring Console. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.305613 • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3789 – baseweb JSite save cross site scripting
https://notcve.org/view.php?id=CVE-2025-3789
18 Apr 2025 — A vulnerability was found in baseweb JSite 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /a/sys/area/save. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. • https://vuldb.com/?id.305612 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3788 – baseweb JSite save cross site scripting
https://notcve.org/view.php?id=CVE-2025-3788
18 Apr 2025 — A vulnerability was found in baseweb JSite 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /a/sys/user/save. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?id.305611 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •