CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 1CVE-2025-3570 – JamesZBL/code-projects db-hospital-drug ContentController.java save cross site scripting
https://notcve.org/view.php?id=CVE-2025-3570
14 Apr 2025 — A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0. It has been classified as problematic. This affects the function Save of the file ContentController.java. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. • https://vuldb.com/?id.304611 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2025-3569 – JamesZBL/code-projects db-hospital-drug ShiroConfig.java improper authorization
https://notcve.org/view.php?id=CVE-2025-3569
14 Apr 2025 — A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ShiroConfig.java. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/buluorifu/Vulnerability-recurrence/blob/main/Refer/db-hospital-drug-authority.md • CWE-266: Incorrect Privilege Assignment CWE-285: Improper Authorization •