Lucene search
K

378 matches found

NVD
NVD
added 2025/12/12 4:15 a.m.13 views

CVE-2025-12834

The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failuremessage' parameter in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS0.00212EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.12 views

PT-2025-50810

The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failure message' parameter in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.6AI score0.00212EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.5 views

WordPress plugin Accept Stripe Payments Using Contact Form 7 跨站脚本漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based server.WordPress plug...

6.1CVSS5.7AI score0.00212EPSS
Exploits0References2
CNVD
CNVD
added 2025/12/12 12:0 a.m.13 views

MailEnable Message Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

6.1CVSS6.3AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 6:13 p.m.4 views

CVE-2025-34397

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when processed via a GET request and is reflected into a JavaScript context in the response. By supplying a...

6.1CVSS5.8AI score0.00336EPSS
Exploits0References1
OSV
OSV
added 2025/12/09 6:15 p.m.4 views

CVE-2025-34397

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when processed via a GET request and is reflected into a JavaScript context in the response. By supplying a...

6.1CVSS5.9AI score0.00336EPSS
Exploits0References3
CVE
CVE
added 2025/12/09 6:7 p.m.11 views

CVE-2025-34397

CVE-2025-34397 : MailEnable

6.1CVSS5.3AI score0.00336EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/09 6:7 p.m.3 views

CVE-2025-34397 MailEnable < 10.54 Reflected XSS in Message Parameter of Mobile/Compose.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when processed via a GET request and is reflected into a JavaScript context in the response. By supplying a...

5.3CVSS5.3AI score0.00336EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/09 6:7 p.m.29 views

CVE-2025-34397 MailEnable < 10.54 Reflected XSS in Message Parameter of Mobile/Compose.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Message parameter of /Mobile/Compose.aspx. The Message value is not properly sanitized when processed via a GET request and is reflected into a JavaScript context in the response. By supplying a...

5.3CVSS0.00336EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.3 views

MailEnable 跨站脚本漏洞

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied da...

6.1CVSS6AI score0.00336EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.6 views

PT-2025-50136

Name of the Vulnerable Software and Affected Versions MailEnable versions prior to 10.54 Description MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Message parameter of the ''/Mobile/Compose.aspx'' API endpoint. The Message value is not proper...

6.1CVSS5.7AI score0.00336EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/02 12:19 a.m.12 views

CVE-2025-63534

A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and...

8.5CVSS5.8AI score0.00186EPSS
Exploits0References1
NVD
NVD
added 2025/12/01 4:15 p.m.3 views

CVE-2025-63534

A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and...

8.5CVSS0.00186EPSS
Exploits0References3
OSV
OSV
added 2025/12/01 3:15 p.m.5 views

CVE-2025-63526

A cross-site scripting XSS vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg parameter,...

5.4CVSS5.7AI score0.0028EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/01 12:0 a.m.4 views

CVE-2025-63534

A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and...

8.5CVSS0.00186EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/01 12:0 a.m.6 views

PT-2025-48456

A cross-site scripting XSS vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg parameter,...

8.5CVSS5.8AI score0.0028EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/01 12:0 a.m.5 views

PT-2025-48463

Name of the Vulnerable Software and Affected Versions Blood Bank Management System version 1.0 Description The application does not properly sanitize or encode user-supplied input before rendering it, leading to a cross-site scripting XSS issue. An attacker can inject malicious JavaScript payload...

8.5CVSS5.3AI score0.00186EPSS
Exploits0References9
CVE
CVE
added 2025/12/01 12:0 a.m.13 views

CVE-2025-63534

CVE-2025-63534 describes a reflected XSS vulnerability in Blood Bank Management System 1.0, specifically in the login.php component. The root cause is improper sanitization/encoding of user-provided input, allowing an attacker to inject JavaScript via the msg and error parameters, which executes ...

8.5CVSS5.5AI score0.00186EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/11/21 10:15 a.m.4 views

CVE-2025-12160

The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpradminmsg' parameter in all versions up to, and including, 6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS0.00202EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/21 9:27 a.m.5 views

EUVD-2025-198431

The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpradminmsg' parameter in all versions up to, and including, 6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS4.8AI score0.00202EPSS
Exploits0References3
Rows per page
Query Builder