2026-03-19 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL |
|---|---|---|---|---|---|---|---|
| CVE-2025-12518 | Bee Content Design - Befree SDK | beefree.io SDK is vulnerable to Stored XSS in the Social Media icon URL parameter in the email builder functionality. A malicious attacker can inject arbitrary HTML and JS into a template, which will be rendered/executed when visiting the preview page. However, due to beefree’s Content Security Policy, not all payloads will execute successfully. This issue has been fixed in version 3.47.0. | CVSS4.0: 5.3 - MEDIUM | 0 1 | Exploitation: none; Automatable: no; Technical Impact: partial | Stored XSS in beefree.io | github |
This post is licensed under CC BY 4.0 by the author.