20 matches found
CVE-2024-25098
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support allows Stored XSS. This issue affects PB oEmbed HTML5 Audio – with Cache Support: from n/a through 2.6...
CVE-2022-25098
ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter...
CVE-2018-25098
UNSUPPORTED WHEN ASSIGNED: A vulnerability was found in blockmason credit-protocol. It has been declared as problematic. Affected by this vulnerability is the function executeUcacTx of the file contracts/CreditProtocol.sol of the component UCAC Handler. The manipulation leads to denial of service...
CVE-2025-25098
CVE-2025-25098 applies to the WordPress plugin Links in Captions (versions n/a through 1.2). The issue is a Stored Cross-Site Scripting (XSS) vulnerability caused by improper input neutralization during web page generation. Affects the Links in Captions component; exploitation could enable an att...
CVE-2024-25098
creationtimestamp | type | source
---|---|---
2024-03-06 19:51:44+00:00 | seen | https://t.me/ctinow/201719...
CVE-2024-25098 WordPress PB oEmbed HTML5 Audio Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support allows Stored XSS. This issue affects PB oEmbed HTML5 Audio – with Cache Support: from n/a through 2.6...
CVE-2024-25098 WordPress PB oEmbed HTML5 Audio Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support allows Stored XSS. This issue affects PB oEmbed HTML5 Audio – with Cache Support: from n/a through 2.6...
CVE-2024-25098
PB oEmbed HTML5 Audio – with Cache Support (WordPress plugin by Pascal Bajorat) is affected by a stored Cross-Site Scripting (XSS) vulnerability due to improper input neutralization during web page generation. The issue affects versions n/a through 2.6. Exploitation details and patch status vary ...
WordPress PB oEmbed HTML5 Audio Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS)
Software: PB oEmbed HTML5 Audio; Type: Plugin; Vulnerable versions: = 2.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-25098; Patch priority: Low; CVSS severity: Low 6.5; PSID: fd60f7f1dbad; Credits: Ngô Thiên An ancorn from VNPT-VCI...
CVE-2018-25098
creationtimestamp | type | source
---|---|---
2024-02-04 18:26:27+00:00 | seen | https://t.me/ctinow/178919
2024-02-25 16:21:49+00:00 | seen | https://t.me/ctinow/192929...
CVE-2018-25098
The CVE-2018-25098 issue affects the Blockmason blockmason credit-protocol UCAC Handler, specifically the executeUcacTx function in contracts/CreditProtocol.sol. The vulnerability is described as a denial of service caused by the manipulation of that function. The product reportedly does not use ...
CVE-2023-25098
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25098
Milesight UR32L v32.3.0.5 contains buffer overflow vulnerabilities in the vtysh_ubus binary (CVE-2023-25098) due to unsafe sprintf usage. The flaws reside in set_qos and related code that formats commands, allowing a network attacker with high privileges to trigger via specially crafted HTTP requ...
CVE-2019-25098
A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical. This affects an unknown part of the file include/archive.php of the component Archive Handler. The manipulation leads to path traversal. Upgrading to version 2.1.13 is able to address this issue. The...
CVE-2019-25098
CVE-2019-25098 affects soerennb eXtplorer up to version 2.1.12. The vulnerability is a path traversal flaw in an unknown portion of the include/archive.php file within the Archive Handler component. Upgrading to 2.1.13 addresses the issue (patch identifier b8fcb888f4ff5e171c16797a4b075c6c6f50bf46...
CVE-2021-25098
The CVE concerns the Easy Pricing Tables (Pricing Tables WordPress Plugin) before version 3.1.3, which does not verify the CSRF nonce when deleting posts. This CSRF weakness allows an authenticated attacker to trigger a logged-in admin to remove arbitrary posts, with affected posts moved to trash...
CVE-2021-25098 Easy Pricing Tables < 3.1.3 - Arbitrary Post Removal via CSRF
The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog via a CSRF attack, which will be put in the trash...
CVE-2022-25098
creationtimestamp | type | source
---|---|---
2022-02-24 18:21:13+00:00 | seen | https://t.me/cibsecurity/38015...
CVE-2022-25098
ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter...
CVE-2022-25098
ECTouch v2 is affected by an arbitrary file deletion vulnerability caused by insufficient filtering of the filename parameter. The root cause cited is improper validation of file names, enabling deletion of files via this parameter. The connected documents in this set confirm the issue but do not...