Lucene search
+L

729 matches found

packetstorm
packetstorm
added 2025/12/08 12:0 a.m.174 views

📄 Coohom SaaS Cross Site Scripting

Coohoom SaaS is susceptible to a persistent cross site scripting vulnerability. CVE-2025-65300 Description CVE-2025-65300: Stored Cross-Site Scripting XSS Vulnerability in Coohom SaaS Platform Disclosure Date: 2025-10-28 Last Updated: 2025-10-28 Reporter: Phisit Pupiw Vendor: Coohom CWE: CWE-79 –...

5.4CVSS6.4AI score0.00169EPSS
Exploits1
osv
osv
added 2025/12/02 12:31 a.m.3 views

GHSA-4G25-WJ72-CHXG Snipe-IT allows stored XSS via the Locations "Country" field

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...

5.3CVSS5.8AI score0.00161EPSS
Exploits1References6
euvd
euvd
added 2025/12/02 12:31 a.m.5 views

EUVD-2025-200077

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...

5.3AI score0.00161EPSS
Exploits1References3
github
github
added 2025/12/02 12:31 a.m.6 views

Snipe-IT allows stored XSS via the Locations "Country" field

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...

5.4CVSS5.9AI score0.00161EPSS
Exploits1References6Affected Software1
redhatcve
redhatcve
added 2025/12/02 12:19 a.m.7 views

CVE-2025-65622

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...

5.4CVSS5.9AI score0.00161EPSS
Exploits1References1
cvelist
cvelist
added 2025/12/01 12:0 a.m.14 views

CVE-2025-65622

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...

0.00161EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/12/01 12:0 a.m.3 views

CVE-2025-65622

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...

5.5AI score0.00161EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/12/01 12:0 a.m.6 views

Snipe-IT 安全漏洞

Snipe-IT is an open source IT asset/license management system from Grokability Open Source. A security vulnerability exists in Snipe-IT versions prior to 8.3.4 that stems from a stored cross-site scripting attack in the Locations Country field...

5.4CVSS5.7AI score0.00161EPSS
Exploits1References3
osv
osv
added 2025/12/01 12:0 a.m.6 views

CVE-2025-65622

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session...

5.4CVSS5.8AI score0.00161EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2025/12/01 12:0 a.m.12 views

PT-2025-48553

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.3.4 Description A stored cross-site scripting XSS issue exists in Snipe-IT. A low-privileged authenticated user can inject JavaScript code through the Locations "Country" field. This injected code can then execute...

5.7AI score0.00161EPSS
Exploits1References5
hackread
hackread
added 2025/11/24 5:46 p.m.4 views

How To Hide Your Country Location on X (Twitter) by Switching to Region

X formerly known as Twitter has added a new location detail in its account transparency section. It shows…...

7AI score
Exploits0
thn
thn
added 2025/11/20 11:30 a.m.4 views

CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive authentication portals and impersonation pages. The campaign, internally dubbed HackOnChat, abuses WhatsApp's familiar web interface, using social engineering tactics t...

6.8AI score
Exploits0
ptsecurity
ptsecurity
added 2025/11/18 12:0 a.m.7 views

PT-2025-47284

Name of the Vulnerable Software and Affected Versions Live sales notification for WooCommerce plugin for WordPress versions prior to 2.3.39 Description The Live sales notification for WooCommerce plugin for WordPress is affected by a missing authorization issue. The getOrders function does not ha...

7.5CVSS6.2AI score0.00306EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2025/11/14 12:0 a.m.6 views

CVE-2024-44630

Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname,lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1,marks1, sub2, course-short, income, category, ph, country,...

7.2AI score0.00235EPSS
Exploits1References2
euvd
euvd
added 2025/11/14 12:0 a.m.6 views

EUVD-2024-55078

Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname,lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1,marks1, sub2, course-short, income, category, ph, country,...

6.5CVSS7.1AI score0.00235EPSS
Exploits1References3
redhatcve
redhatcve
added 2025/11/07 3:54 p.m.11 views

CVE-2025-48077

Cross-Site Request Forgery CSRF vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through = 1.0...

7.1CVSS6.6AI score0.00112EPSS
Exploits0References1
nvd
nvd
added 2025/11/06 4:15 p.m.6 views

CVE-2025-48077

Cross-Site Request Forgery CSRF vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through = 1.0...

7.1CVSS0.00112EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/11/06 3:53 p.m.7 views

CVE-2025-48077 WordPress Block Country plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through = 1.0...

7.1CVSS6.2AI score0.00112EPSS
Exploits0References1
cvelist
cvelist
added 2025/11/06 3:53 p.m.11 views

CVE-2025-48077 WordPress Block Country plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through = 1.0...

7.1CVSS0.00112EPSS
Exploits0References1
cve
cve
added 2025/11/06 3:53 p.m.15 views

CVE-2025-48077

CVE-2025-48077 documents a CSRF to Stored XSS vulnerability in the WordPress Block Country plugin (versions

7.1CVSS6.3AI score0.00112EPSS
Exploits0References1
Rows per page
Query Builder