Welcome to no-sec blog, where a team of passionate pentesters shares their insights and expertise from the world of cybersecurity. From CVE write-ups to practical guides on exploitation techniques and defense strategies, we aim to contribute valuable knowledge to the security community.

CVE-2025-61074 - Stored Cross Site Scripting (XSS)


A stored cross-site scripting vulnerability in the bulletin board component in adata's Employee Portal versions prior to 2.16.1 allows remote authenticated users to execute arbitrary JavaScript code in other authenticated users' web browsers.

CVE-2025-61075 - Multiple Incorrect Access Controls


Incorrect access controls in multiple modules in adata's Employee Portal versions prior to 2.16.1 allow remote authenticated users to call API endpoints without proper authorization checks, leading to access to confidential data, including sensitive data of other employees, and allowing the manipulation of workflows.