729 matches found
📄 Coohom SaaS Cross Site Scripting
Coohoom SaaS is susceptible to a persistent cross site scripting vulnerability. CVE-2025-65300 Description CVE-2025-65300: Stored Cross-Site Scripting XSS Vulnerability in Coohom SaaS Platform Disclosure Date: 2025-10-28 Last Updated: 2025-10-28 Reporter: Phisit Pupiw Vendor: Coohom CWE: CWE-79 –...
GHSA-4G25-WJ72-CHXG Snipe-IT allows stored XSS via the Locations "Country" field
Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...
EUVD-2025-200077
Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...
Snipe-IT allows stored XSS via the Locations "Country" field
Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...
CVE-2025-65622
Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...
CVE-2025-65622
Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...
CVE-2025-65622
Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...
Snipe-IT 安全漏洞
Snipe-IT is an open source IT asset/license management system from Grokability Open Source. A security vulnerability exists in Snipe-IT versions prior to 8.3.4 that stems from a stored cross-site scripting attack in the Locations Country field...
CVE-2025-65622
Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...
PT-2025-48553
Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.3.4 Description A stored cross-site scripting XSS issue exists in Snipe-IT. A low-privileged authenticated user can inject JavaScript code through the Locations "Country" field. This injected code can then execute...
How To Hide Your Country Location on X (Twitter) by Switching to Region
X formerly known as Twitter has added a new location detail in its account transparency section. It shows…...
CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat
CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive authentication portals and impersonation pages. The campaign, internally dubbed HackOnChat, abuses WhatsApp's familiar web interface, using social engineering tactics t...
PT-2025-47284
Name of the Vulnerable Software and Affected Versions Live sales notification for WooCommerce plugin for WordPress versions prior to 2.3.39 Description The Live sales notification for WooCommerce plugin for WordPress is affected by a missing authorization issue. The getOrders function does not ha...
CVE-2024-44630
Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname,lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1,marks1, sub2, course-short, income, category, ph, country,...
EUVD-2024-55078
Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname,lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1,marks1, sub2, course-short, income, category, ph, country,...
CVE-2025-48077
Cross-Site Request Forgery CSRF vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through = 1.0...
CVE-2025-48077
Cross-Site Request Forgery CSRF vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through = 1.0...
CVE-2025-48077 WordPress Block Country plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through = 1.0...
CVE-2025-48077 WordPress Block Country plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability
Cross-Site Request Forgery CSRF vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through = 1.0...
CVE-2025-48077
CVE-2025-48077 documents a CSRF to Stored XSS vulnerability in the WordPress Block Country plugin (versions