CVE-2025-10827 PHPJabbers Restaurant Menu Maker preview.php cross site scripting
A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. The attack may be initiated remotely. The exploit has been made availab...
PT-2025-39095
Name of the Vulnerable Software and Affected Versions: PHPJabbers Restaurant Menu Maker versions up to 1.1. Description: A cross-site scripting issue exists in PHPJabbers Restaurant Menu Maker. The issue is related to the /preview.php file and manipulation of the theme parameter. This manipulation c...
PT-2025-39104
Name of the Vulnerable Software and Affected Versions: Vitogate 300, affected versions not specified. Description: The web interface does not properly enforce server-side authentication, relying instead on frontend-based authentication controls. This allows an attacker to bypass login restrictions by...
PHPJABBERS Restaurant Menu Maker Project code injection vulnerability
PHPJABBERS Restaurant Menu Maker Project is a PHPJABBERS open source menu maker project. A code injection vulnerability exists in PHPJABBERS Restaurant Menu Maker Project 1.1 and earlier versions, which stems from incorrect manipulation of the parameter theme in the file /preview.php, and could...
CVE-2025-58647
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Will.I.am Simple Restaurant Menu simple-restaurant-menu allows Stored XSS. This issue affects Simple Restaurant Menu: from n/a through <= 1.2...
WordPress Simple Restaurant Menu Plugin <= 1.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Vinit Lakra in WordPress Plugin Simple Restaurant Menu versions <= 1.2...
CVE-2025-58647 WordPress Simple Restaurant Menu Plugin <= 1.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Will.I.am Simple Restaurant Menu simple-restaurant-menu allows Stored XSS. This issue affects Simple Restaurant Menu: from n/a through <= 1.2...
CVE-2025-58647
CVE-2025-58647 is a stored XSS in the WordPress plugin Simple Restaurant Menu. Affected: Simple Restaurant Menu
WordPress plugin Simple Restaurant Menu cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-38936
Name of the Vulnerable Software and Affected Versions: Will.I.am Simple Restaurant Menu versions through 1.2. Description: The Simple Restaurant Menu software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means...
GHSA-223M-4RFP-646H Jenkins is missing a permission check in the authenticated users' profile menu
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu. This allows attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by listing available options in this menu...
Jenkins is missing a permission check in the authenticated users' profile menu
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu. This allows attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by listing available options in this menu...
CVE-2025-59475
Jenkins 2.527 and earlier, LTS 2.516.2 and earlier does not perform a permission check for the authenticated user profile dropdown menu, allowing attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by listing available options in this menu e.g.,...
CVE-2025-59475
CVE-2025-59475 concerns Jenkins 2.527 and earlier, and LTS 2.516.2 and earlier, where a missing permission check in the authenticated user profile dropdown menu allows attackers without Overall/Read permission to obtain limited information about the Jenkins configuration by listing available opti...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description: High: SECURITY-3618 / CVE-2025-5115, HTTP/2 denial of service vulnerability in bundled Jetty; Medium: SECURITY-3594 / CVE-2025-59474, Missing permission check allows obtaining agent names; Medium: SECURITY-3625 / CVE-2025-59475, Missing permission check in...
CVE-2025-10290 Opening links via the contextual menu in Focus for iOS would not update the toolbar UI correctly, allowing attackers to spoof websites
Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not refresh the toolbar correctly, allowing attackers to spoof websites if users were coerced into opening a link explicitly through a long-press. This vulnerability was fixed in Focus for iOS...
PT-2025-37927
Name of the Vulnerable Software and Affected Versions: Focus for iOS versions prior to 143.0. Description: Opening links via the contextual menu for certain URL schemes would fail to load, but the toolbar would not refresh correctly. This could allow attackers to spoof websites if users were coerc...