
14 matches found

NVD
added 2026/05/23 7:16 p.m., 15 views

CVE-2018-25349

userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators...

6.1 CVSS, 0.00155 EPSS
Exploits: 0, References: 2
Circl
added 2026/02/20 3:40 a.m., 7 views

CVE-2019-25349

| creationtimestamp | type | source |
|---|---|---|
| 2026-02-20 03:40:12+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mfb6qud6tq2u... |

7.5 CVSS, 5.1 AI score, 0.00239 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 9:36 p.m., 10 views

CVE-2021-25349

Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent...

7.8 CVSS, 6.7 AI score, 0.00226 EPSS
Exploits: 0, References: 1
Circl
added 2025/02/12 4:16 p.m., 15 views

CVE-2025-25349

| creationtimestamp | type | source |
|---|---|---|
| 2025-02-12 16:16:46+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhyl4dedsw2x |
| 2025-02-12 18:19:52+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lhyry4d26227 |
| 2025-02-12 18:33:21+00:00 | seen | ... |

9.8 CVSS, 5.7 AI score, 0.00458 EPSS
Exploits: 1, References: 3
CVE
added 2025/02/12 12:0 a.m., 77 views

CVE-2025-25349

The CVE concerns PHPGurukul Daily Expense Tracker System v1.1. The vulnerability is a SQL Injection in the /dets/add-expense.php endpoint due to the costitem parameter. Affects PHP-MySQL stack as described; impact is rated HIGH for confidentiality, integrity, and availability (CVSS 3.1: 9.8). The...

9.8 CVSS, 8.1 AI score, 0.00458 EPSS
Exploits: 1, References: 1, Affected Software: 1
vulnersOsv
added 2022/05/03 12:0 a.m., 5 views

5x5_uploader (>=1.0.0 <=1.2.2), @3t-transform/threeteeui (>=0.0.1 <=0.0.6) +251 more potentially affected by CVE-2022-25349 via materialize-css (>=0.100.2 <=1.0.0)

materialize-css NPM version =0.100.2, =1.0.0, =0.0.1, =1.0.1, =1.0.3, =1.0.0, =6.1.3, =45.4.6, =0.0.3, =1.0.2, =0.0.4, =0.0.6, =1.0.0, =0.5.0, =0.7.0 and more Source cves: CVE-2022-25349 Source advisory: OSV:GHSA-7JVX-F994-RFW2...

5.4 CVSS, 6 AI score, 0.01001 EPSS
Exploits: 1
NVD
added 2022/05/01 4:15 p.m., 24 views

CVE-2022-25349

All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input such as not-a-tag / that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided...

5.4 CVSS, 0.01001 EPSS
Exploits: 1, References: 3
CVE
added 2022/05/01 3:30 p.m., 96 views

CVE-2022-25349

CVE-2022-25349 affects materialize-css: XSS caused by improper escaping of user input in the autocomplete component, allowing input such as to be parsed as HTML/JavaScript and executed in the DOM. Connected sources (Veracode, OSV, SNYK) confirm all versions are vulnerable with the root cause in ...

5.4 CVSS, 5.2 AI score, 0.01001 EPSS
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2022/05/01 3:30 p.m., 26 views

CVE-2022-25349 Cross-site Scripting (XSS)

All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input such as not-a-tag / that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided...

5.4 CVSS, 5.5 AI score, 0.01001 EPSS
Exploits: 1, References: 3
Debian CVE
added 2022/05/01 3:30 p.m., 43 views

CVE-2022-25349

Removed by vendor...

5.4 CVSS, 5.6 AI score, 0.01001 EPSS
Exploits: 1
vulnersOsv
added 2021/12/23 10:53 a.m., 12 views

5x5_uploader (>=1.0.0 <=1.2.2), @3t-transform/threeteeui (>=0.0.1 <=0.0.6) +251 more potentially affected by CVE-2022-25349 via materialize-css (>=0.100.2 <=1.0.0)

materialize-css NPM version =0.100.2, =1.0.0, =0.0.1, =1.0.1, =1.0.3, =1.0.0, =6.1.3, =45.4.6, =0.0.3, =1.0.2, =0.0.4, =0.0.6, =1.0.0, =0.5.0, =0.7.0 and more Source cves: CVE-2022-25349 Source advisory: SNYK:JS-MATERIALIZECSS-2324800...

5.4 CVSS, 6 AI score, 0.01001 EPSS
Exploits: 1
NVD
added 2021/03/25 5:15 p.m., 10 views

CVE-2021-25349

Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent...

7.8 CVSS, 0.00226 EPSS
Exploits: 0, References: 2
Cvelist
added 2021/03/25 4:9 p.m., 17 views

CVE-2021-25349

Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent...

5.5 CVSS, 7.6 AI score, 0.00226 EPSS
Exploits: 0, References: 2
CVE
added 2021/03/25 4:9 p.m., 48 views

CVE-2021-25349

The CVE-2021-25349 entry concerns the Slow Motion Editor. Affected: Slow Motion Editor versions prior to 3.5.18.5. Root cause: use of an unsafe PendingIntent that allows a local attacker to hijack PendingIntent and perform unauthorized actions without user permission. Impact details in sources in...

7.8 CVSS, 7.3 AI score, 0.00226 EPSS
Exploits: 0, References: 2, Affected Software: 1