{"vulnerability": "CVE-2025-4748", "sightings": [{"uuid": "8e5c26af-e1df-46b8-a21b-12b8ef58b4e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4748", "type": "seen", "source": "https://bsky.app/profile/theerlef.bsky.social/post/3lrt2puwmac23", "content": "", "creation_timestamp": "2025-06-17T17:52:09.599431Z"}, {"uuid": "288cfdc8-6ee6-47fb-a737-4c487682015a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4748", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3lrqkv2dysx22", "content": "", "creation_timestamp": "2025-06-16T18:03:21.046005Z"}, {"uuid": "6a90e51c-3ba2-4a56-851d-79a050fd721e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4748", "type": "seen", "source": "https://seclists.org/oss-sec/2025/q2/256", "content": "", "creation_timestamp": "2025-06-16T15:30:31.000000Z"}, {"uuid": "9021c56c-d2fe-41ea-bcfe-8fb18bd4a6c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47488", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15313", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47488\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder allows DOM-Based XSS. This issue affects Bold Page Builder: from n/a through 5.3.2.\n\ud83d\udccf Published: 2025-05-07T14:19:50.895Z\n\ud83d\udccf Modified: 2025-05-07T14:19:50.895Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/bold-page-builder/vulnerability/wordpress-bold-page-builder-5-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:42.000000Z"}, {"uuid": "7343cb18-e7d1-4772-9f7a-672110d835dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4748", "type": "seen", "source": "https://infosec.exchange/users/greynoise/statuses/114699836455411551", "content": "", "creation_timestamp": "2025-06-17T17:16:50.452108Z"}, {"uuid": "bbebbd99-6da2-4133-aaff-98711424eedb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4748", "type": "seen", "source": "https://bsky.app/profile/greynoise.infosec.exchange.ap.brid.gy/post/3lrsyrdotuhw2", "content": "", "creation_timestamp": "2025-06-17T17:17:25.719021Z"}, {"uuid": "88a80eee-b044-47fd-aef4-c8681ad543d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4748", "type": "seen", "source": "https://bsky.app/profile/greynoise.io/post/3lrsyrt47uc2q", "content": "", "creation_timestamp": "2025-06-17T17:17:27.682994Z"}, {"uuid": "0713388a-d6ba-407e-8c0a-8c236cde1f30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47489", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15312", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47489\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in markkinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.29.\n\ud83d\udccf Published: 2025-05-07T14:19:51.412Z\n\ud83d\udccf Modified: 2025-05-07T14:19:51.412Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/beds24-online-booking/vulnerability/wordpress-beds24-online-booking-2-0-29-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-05-07T14:22:41.000000Z"}, {"uuid": "348657d0-e40d-41fa-bfb2-335b5678d2e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4748", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3lrtx5exigc2k", "content": "", "creation_timestamp": "2025-06-18T02:20:45.077287Z"}, {"uuid": "5b022844-7307-4750-93b1-9fae9c577296", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4748", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114693212327975159", "content": "", "creation_timestamp": "2025-06-16T13:12:14.443724Z"}, {"uuid": "f902d09f-a27f-42c0-8e74-cd8d72a765a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-47487", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17894", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-47487\n\ud83d\udd25 CVSS Score: 7.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)\n\ud83d\udd39 Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moreconvert MC Woocommerce Wishlist allows Reflected XSS. This issue affects MC Woocommerce Wishlist: from n/a through 1.9.1.\n\ud83d\udccf Published: 2025-06-09T15:54:11.431Z\n\ud83d\udccf Modified: 2025-06-10T13:56:59.358Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/plugin/smart-wishlist-for-more-convert/vulnerability/wordpress-mc-woocommerce-wishlist-1-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-10T14:30:39.000000Z"}, {"uuid": "86be8dd6-f66d-45ae-ad05-62fd8a04beac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4748", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18442", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4748\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L)\n\ud83d\udd39 Description: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with program files lib/stdlib/src/zip.erl and program routines zip:unzip/1, zip:unzip/2, zip:extract/1, zip:extract/2\u00a0unless the memory option is passed.\n\nThis issue affects OTP from OTP 17.0 until OTP\u00a028.0.1, OTP\u00a027.3.4.1 and OTP\u00a026.2.5.13, corresponding to stdlib from 2.0 until 7.0.1, 6.2.2.1 and 5.2.3.4.\n\ud83d\udccf Published: 2025-06-16T11:00:54.643Z\n\ud83d\udccf Modified: 2025-06-16T11:00:54.643Z\n\ud83d\udd17 References:\n1. https://github.com/erlang/otp/security/advisories/GHSA-9g37-pgj9-wrhc\n2. https://www.erlang.org/doc/system/versions.html#order-of-versions\n3. https://github.com/erlang/otp/pull/9941", "creation_timestamp": "2025-06-16T11:39:57.000000Z"}]}