MoonShine
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-51510 | 0.00 | — | 0.00 | Aug 19, 2025 | MoonShine was discovered to contain a SQL injection vulnerability under the Blog -> Categories page when using the moonshine-tree-resource (version < 2.0.2) component. | |||
| CVE-2025-51488 | 0.00 | — | 0.00 | Aug 19, 2025 | A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in the Name parameter when creating a new Admin. | |||
| CVE-2025-51489 | 0.00 | — | 0.00 | Aug 19, 2025 | A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened. | |||
| CVE-2025-51487 | 0.00 | — | 0.00 | Aug 19, 2025 | A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode Link parameter when creating/updating a new Article. |
- CVE-2025-51510Aug 19, 2025risk 0.00cvss —epss 0.00
MoonShine was discovered to contain a SQL injection vulnerability under the Blog -> Categories page when using the moonshine-tree-resource (version < 2.0.2) component.
- CVE-2025-51488Aug 19, 2025risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in the Name parameter when creating a new Admin.
- CVE-2025-51489Aug 19, 2025risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing remote attackers to upload a malicious SVG file when creating/updating an Article and correctly execute arbitrary JavaScript when the file link is opened.
- CVE-2025-51487Aug 19, 2025risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode Link parameter when creating/updating a new Article.