3943 matches found
CVE-2025-11019 Total.js CMS Files Menu cross site scripting
A vulnerability has been found in Total.js CMS up to 19.9.0. This impacts an unknown function of the component Files Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-11019 Total.js CMS Files Menu cross site scripting
A vulnerability has been found in Total.js CMS up to 19.9.0. This impacts an unknown function of the component Files Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
WordPress Groovy Menu Plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Groovy Menu versions = 1.4.3...
CVE-2025-60113
Cross-Site Request Forgery CSRF vulnerability in grooni Groovy Menu groovy-menu-free allows Cross Site Request Forgery.This issue affects Groovy Menu: from n/a through = 1.4.3...
CVE-2025-60113
CVE-2025-60113 The provided connected document set confirms a Cross-Site Request Forgery (CSRF) vulnerability affecting the WordPress plugin Groovy Menu (Free), specifically in versions up to 1.4.3. The vulnerability details and affected component align with the CVE entry, which states CSRF expos...
CVE-2025-60113 WordPress Groovy Menu Plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in grooni Groovy Menu groovy-menu-free allows Cross Site Request Forgery.This issue affects Groovy Menu: from n/a through = 1.4.3...
CVE-2025-60113 WordPress Groovy Menu Plugin <= 1.4.3 - Cross Site Request Forgery (CSRF) Vulnerability
Cross-Site Request Forgery CSRF vulnerability in grooni Groovy Menu groovy-menu-free allows Cross Site Request Forgery.This issue affects Groovy Menu: from n/a through = 1.4.3...
WordPress plugin Groovy Menu 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...
Total.js CMS 代码注入漏洞
Total.js CMS is a Total.js open source content management system CMS based on NoSQL database. A code injection vulnerability exists in Total.js CMS version 19.9.0 and earlier, which stems from a mishandling of an unknown function in the Files Menu component that could lead to a cross-site scripti...
PT-2025-39646
Name of the Vulnerable Software and Affected Versions Total.js CMS versions up to 19.9.0 Description A flaw exists in Total.js CMS that allows for cross site scripting through manipulation of an unknown function within the Files Menu component. This issue can be exploited remotely, and details...
PT-2025-39560
Name of the Vulnerable Software and Affected Versions grooni Groovy Menu versions through 1.4.3 Description A Cross-Site Request Forgery CSRF issue exists in grooni Groovy Menu. This allows attackers to perform actions on behalf of authenticated users without their knowledge. Recommendations Upda...
CVE-2025-10827
A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. The attack may be initiated remotely. The exploit has been made availab...
CVE-2025-9495
The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attack...
CVE-2025-58647
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Will.I.am Simple Restaurant Menu simple-restaurant-menu allows Stored XSS.This issue affects Simple Restaurant Menu: from n/a through = 1.2...
CVE-2025-9495
CVE-2025-9495 - Vitogate 300 Authentication Bypass : The Vitogate 300 web interface relies on frontend-based authentication controls and does not enforce proper server-side authentication. An attacker can modify HTML elements via browser developer tools to bypass login restrictions and reveal the...
CVE-2025-9495 Viessmann Vitogate 300 Authentication Bypass
The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attack...
CVE-2025-9495 Viessmann Vitogate 300 Authentication Bypass
The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. This allows an attacker to simply modify HTML elements in the browser’s developer tools to bypass login restrictions. By removing specific UI elements, an attack...
CVE-2025-10827
A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. The attack may be initiated remotely. The exploit has been made availab...
CVE-2025-10827
A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. The attack may be initiated remotely. The exploit has been made availab...
CVE-2025-10827 PHPJabbers Restaurant Menu Maker preview.php cross site scripting
A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. The attack may be initiated remotely. The exploit has been made availab...