Lucene search
K

60 matches found

Cvelist
Cvelist
added 2025/12/09 12:0 a.m.26 views

CVE-2025-65300

A stored Cross-Site Scripting XSS vulnerability exists in the Coohom SaaS Platform feVersion=1760060603897 2025-10-28 in the Account Settings module, where unsanitized user input in Address fields City, State, Country/Region is rendered back to the page. Attackers can inject arbitrary JavaScript...

0.00169EPSS
Exploits1References2
CVE
CVE
added 2025/12/09 12:0 a.m.21 views

CVE-2025-65300

The CVE-2025-65300 entry concerns a stored XSS in the Coohom SaaS Platform, specifically in the Account Settings module for feVersion=1760060603897 (2025-10-28). The vulnerability arises from unsanitized input in Address fields (City, State, Country/Region) that is rendered back to the profile pa...

5.4CVSS5.5AI score0.00169EPSS
Exploits1References2Affected Software1
Packet Storm
Packet Storm
added 2025/12/08 12:0 a.m.172 views

📄 Coohom SaaS Cross Site Scripting

Coohoom SaaS is susceptible to a persistent cross site scripting vulnerability. CVE-2025-65300 Description CVE-2025-65300: Stored Cross-Site Scripting XSS Vulnerability in Coohom SaaS Platform Disclosure Date: 2025-10-28 Last Updated: 2025-10-28 Reporter: Phisit Pupiw Vendor: Coohom CWE: CWE-79 –...

5.4CVSS6.4AI score0.00169EPSS
Exploits1
EUVD
EUVD
added 2025/12/07 3:30 p.m.9 views

EUVD-2025-201605

A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /viewpersonnel.php. The manipulation of the argument peraddress/drschool/otherschool leads to cross site scripting. The attack may be initiated remotely...

5.1CVSS5.2AI score0.00218EPSS
Exploits1References6
OSV
OSV
added 2025/12/07 3:15 p.m.5 views

CVE-2025-14194

A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /viewpersonnel.php. The manipulation of the argument peraddress/drschool/otherschool leads to cross site scripting. The attack may be initiated remotely...

5.4CVSS4.2AI score0.00218EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/12/07 12:0 a.m.11 views

Code-Projects Employee Profile Management System 代码注入漏洞

Employee Profile Management System is an employee profile management system. Employee Profile Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter peraddress/drschool/otherschool in...

5.4CVSS4.4AI score0.00218EPSS
Exploits1References6
CVE
CVE
added 2025/11/18 8:53 a.m.21 views

CVE-2025-26391

CVE-2025-26391: SolarWinds Observability Self-Hosted exposes a cross-site scripting (XSS) vulnerability in user-created URL fields of the SolarWinds Platform. The issue requires authentication from a low-privilege account. Public exploitation details or concrete remediation are not provided in th...

5.4CVSS6.1AI score0.00395EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/10/29 3:31 p.m.14 views

CVE-2025-12148

In CVE-2025-12148, Floragunn Search Guard FLX versions 3.1.1 and earlier expose a vulnerability where Field Masking (FM) rules are not properly enforced on IP-type fields. Although the redacted _source is returned, search hits can be based on specific IP values, enabling reconstruction of the ori...

6CVSS6.4AI score0.0025EPSS
Exploits0References2
CVE
CVE
added 2025/10/07 1:55 p.m.14 views

CVE-2025-54402

Planet WGR-500 v1.3411b190912 contains multiple stack-based buffer overflow flaws in the formPingCmd HTTP handling, cited as CVE-2025-54402 among TALOS-2025-2226. The root cause is unsafe use of stack and heap buffers while composing command and request-data strings: submit-url, ipaddr, and count...

8.8CVSS7.2AI score0.00708EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2009-3240

Malware in sbrugna...

3.6CVSS6.4AI score0.00864EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-28018

Malicious code in bioql PyPI...

7.6CVSS6.5AI score0.03411EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2025/05/23 4:15 p.m.3 views

CVE-2025-43860

OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...

7.6CVSS6AI score0.03411EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2024/10/10 12:0 a.m.4 views

code-projects Blood Bank System 跨站脚本漏洞

Code-Projects Blood Bank System is an open source blood bank management system from Code-Projects. A cross-site scripting vulnerability exists in code-projects Blood Bank System version 1.0, which originates from a cross-site scripting issue in the hospital/address/city/contact parameter in the...

5.4CVSS4.5AI score0.00402EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/02/10 12:0 a.m.9 views

PT-2023-5871 · D Link · D-Link Dsl-3782

Name of the Vulnerable Software and Affected Versions: D-Link DSL-3782 versions 1.03 and earlier Description: The issue allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. This is related to the lack of protection...

9CVSS8.9AI score0.20525EPSS
Exploits1References7
BDU FSTEC
BDU FSTEC
added 2022/10/28 12:0 a.m.14 views

The vulnerability of the FortiTester software-based diagnostic and audit tools for computer networks, as well as the FortiAnalyzer tool for event monitoring and analysis, stems from the lack of protective measures taken for website structures. This allows attackers to carry out cross-site scripting attacks.

The vulnerability of the FortiTester software for diagnosing and auditing computer networks, as well as the FortiAnalyzer software for monitoring and analyzing security events, is related to the lack of protective measures taken for the website structure. Exploiting this vulnerability could allow...

5.5CVSS5.6AI score0.00851EPSS
Exploits0References4Affected Software2
CNVD
CNVD
added 2022/03/15 12:0 a.m.20 views

Microweber integer overflow vulnerability

Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. An integer overflow vulnerability exists in versions of Microweber prior to 1.3. The vulnerability stems from the fact tha...

9.1CVSS3.9AI score0.01401EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.13 views

Microweber 输入验证错误漏洞

Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. An integer overflow vulnerability exists in versions of Microweber prior to 1.3. The vulnerability stems from the fact tha...

9.1CVSS5.7AI score0.01401EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/12/20 12:0 a.m.6 views

MartDevelopers iResturant 跨站脚本漏洞

MartDevelopers iResturant is an open source lightweight restaurant Erp from MartDevelopers Kenya. for integrating social restaurant operations into one system. A cross-site scripting vulnerability exists in MartDevelopers iResturant version 1.0, which stems from a lack of effective filtering and...

5.4CVSS5.8AI score0.00664EPSS
Exploits0References3
OSV
OSV
added 2021/09/09 12:15 p.m.3 views

CVE-2021-36870

Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities in WordPress WP Google Maps plugin versions = 8.1.12. Vulnerable parameters: &datasetname, &wpgmzagdprretentionpurpose, &wpgmzagdprcompanyname, &name 2, &name, &polyname 2, &polyname, &address...

5.4CVSS5.8AI score0.00585EPSS
Exploits0References2
Prion
Prion
added 2021/08/19 2:39 p.m.15 views

Cross site scripting

A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the Name and Address fields...

3.5CVSS5.5AI score0.00932EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder