CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27631
https://notcve.org/view.php?id=CVE-2025-27631
25 Mar 2025 — The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27633
https://notcve.org/view.php?id=CVE-2025-27633
25 Mar 2025 — The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27632
https://notcve.org/view.php?id=CVE-2025-27632
25 Mar 2025 — A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning. • https://publisher.hitachienergy.com/preview?DocumentID=8DBD000210&LanguageCode=en&DocumentPartId=&Action=Launch • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •