← Back

Dbsyncer Project

dbsyncer_project

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Dbsyncer
dbsyncer
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-45237
1Dbsyncer Project
1Dbsyncer
Nov 18, 2025
May 5, 2025
N/A· v4
7.5 HIGH· v3
N/A· v2
Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password.
CVE-2025-45236
1Dbsyncer Project
1Dbsyncer
Nov 18, 2025
May 5, 2025
N/A· v4
5.4 MEDIUM· v3
N/A· v2
A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter.