14 matches found
CVE-2024-25929
Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX. This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5...
CVE-2021-25929
creationtimestamp | type | source
---|---|---
2025-04-30 21:15:39+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/14173...
CVE-2025-25929
A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the reportType parameter...
CVE-2025-25929
A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the reportType parameter...
CVE-2024-25929 WordPress Product Catalog Mode For Woocommerce plugin <= 5.0.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX. This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.5...
CVE-2024-25929
CVE-2024-25929: WordPress plugin Product Catalog Enquiry for WooCommerce by MultiVendorX
WordPress Product Catalog Enquiry for WooCommerce by MultiVendorX Plugin <= 5.0.5 is vulnerable to Broken Access Control
Field | Value
---|---
Software | Product Catalog Enquiry for WooCommerce by MultiVendorX
Type | Plugin
Vulnerable versions | <= 5.0.5
Fixed in | 5.0.6
OWASP Top 10 | A1: Broken Access Control
Classification | Broken Access Control
CVE | CVE-2024-25929
Patch priority | High
CVSS severity | High 6.5
PSID | ...
CVE-2023-25929
IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861...
CVE-2022-25929 Cross-site Scripting (XSS)
The package smoothie, from 1.31.0 and before 1.36.1, is vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in the strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties...
CVE-2022-25929
CVE-2022-25929 affects the smoothie package (versions from 1.31.0 and before 1.36.1). The vulnerability is Cross-site Scripting (XSS) caused by improper sanitization of user-controlled values in the strokeStyle and tooltipLabel properties. Multiple connected sources corroborate this XSS issue and spec...
CVE-2022-25929 Cross-site Scripting (XSS)
The package smoothie, from 1.31.0 and before 1.36.1, is vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in the strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties...
CVE-2022-25929
creationtimestamp | type | source
---|---|---
2022-12-21 07:12:42+00:00 | seen | https://t.me/cibsecurity/55038
2025-04-16 18:56:19+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/12140...
CVE-2021-25929
OpenNMS Horizon and Meridian are vulnerable to Stored Cross-Site Scripting due to lack of validation on the name parameter in the noticeWizard endpoint. An authenticated attacker could inject script and trick other admins into downloading malicious files. Affected: OpenNMS Horizon versions opennm...
CVE-2021-25929
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting since...