60 matches found
CVE-2025-65300
A stored Cross-Site Scripting XSS vulnerability exists in the Coohom SaaS Platform feVersion=1760060603897 2025-10-28 in the Account Settings module, where unsanitized user input in Address fields City, State, Country/Region is rendered back to the page. Attackers can inject arbitrary JavaScript...
CVE-2025-65300
The CVE-2025-65300 entry concerns a stored XSS in the Coohom SaaS Platform, specifically in the Account Settings module for feVersion=1760060603897 (2025-10-28). The vulnerability arises from unsanitized input in Address fields (City, State, Country/Region) that is rendered back to the profile pa...
📄 Coohom SaaS Cross Site Scripting
Coohoom SaaS is susceptible to a persistent cross site scripting vulnerability. CVE-2025-65300 Description CVE-2025-65300: Stored Cross-Site Scripting XSS Vulnerability in Coohom SaaS Platform Disclosure Date: 2025-10-28 Last Updated: 2025-10-28 Reporter: Phisit Pupiw Vendor: Coohom CWE: CWE-79 –...
EUVD-2025-201605
A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /viewpersonnel.php. The manipulation of the argument peraddress/drschool/otherschool leads to cross site scripting. The attack may be initiated remotely...
CVE-2025-14194
A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /viewpersonnel.php. The manipulation of the argument peraddress/drschool/otherschool leads to cross site scripting. The attack may be initiated remotely...
Code-Projects Employee Profile Management System 代码注入漏洞
Employee Profile Management System is an employee profile management system. Employee Profile Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter peraddress/drschool/otherschool in...
CVE-2025-26391
CVE-2025-26391: SolarWinds Observability Self-Hosted exposes a cross-site scripting (XSS) vulnerability in user-created URL fields of the SolarWinds Platform. The issue requires authentication from a low-privilege account. Public exploitation details or concrete remediation are not provided in th...
CVE-2025-12148
In CVE-2025-12148, Floragunn Search Guard FLX versions 3.1.1 and earlier expose a vulnerability where Field Masking (FM) rules are not properly enforced on IP-type fields. Although the redacted _source is returned, search hits can be based on specific IP values, enabling reconstruction of the ori...
CVE-2025-54402
Planet WGR-500 v1.3411b190912 contains multiple stack-based buffer overflow flaws in the formPingCmd HTTP handling, cited as CVE-2025-54402 among TALOS-2025-2226. The root cause is unsafe use of stack and heap buffers while composing command and request-data strings: submit-url, ipaddr, and count...
EUVD-2009-3240
Malware in sbrugna...
EUVD-2025-28018
Malicious code in bioql PyPI...
CVE-2025-43860
OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting XSS vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privileges to inject arbitrary JavaScript code into...
code-projects Blood Bank System 跨站脚本漏洞
Code-Projects Blood Bank System is an open source blood bank management system from Code-Projects. A cross-site scripting vulnerability exists in code-projects Blood Bank System version 1.0, which originates from a cross-site scripting issue in the hospital/address/city/contact parameter in the...
PT-2023-5871 · D Link · D-Link Dsl-3782
Name of the Vulnerable Software and Affected Versions: D-Link DSL-3782 versions 1.03 and earlier Description: The issue allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. This is related to the lack of protection...
The vulnerability of the FortiTester software-based diagnostic and audit tools for computer networks, as well as the FortiAnalyzer tool for event monitoring and analysis, stems from the lack of protective measures taken for website structures. This allows attackers to carry out cross-site scripting attacks.
The vulnerability of the FortiTester software for diagnosing and auditing computer networks, as well as the FortiAnalyzer software for monitoring and analyzing security events, is related to the lack of protective measures taken for the website structure. Exploiting this vulnerability could allow...
Microweber integer overflow vulnerability
Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. An integer overflow vulnerability exists in versions of Microweber prior to 1.3. The vulnerability stems from the fact tha...
Microweber 输入验证错误漏洞
Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. An integer overflow vulnerability exists in versions of Microweber prior to 1.3. The vulnerability stems from the fact tha...
MartDevelopers iResturant 跨站脚本漏洞
MartDevelopers iResturant is an open source lightweight restaurant Erp from MartDevelopers Kenya. for integrating social restaurant operations into one system. A cross-site scripting vulnerability exists in MartDevelopers iResturant version 1.0, which stems from a lack of effective filtering and...
CVE-2021-36870
Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities in WordPress WP Google Maps plugin versions = 8.1.12. Vulnerable parameters: &datasetname, &wpgmzagdprretentionpurpose, &wpgmzagdprcompanyname, &name 2, &name, &polyname 2, &polyname, &address...
Cross site scripting
A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the Name and Address fields...