Lucene search

1566 matches found

NVD
added 2025/11/06 12:15 a.m., 3 views

CVE-2025-64114

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - 151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin. The vulnerabilities require the Custom...

CVSS 6.5, EPSS 0.00087
Exploits: 1, References: 3

OSV
added 2025/11/05 7:16 p.m., 1 view

CVE-2025-63416

exclusively-hosted-service A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...

CVSS 9.1, AI score 6, EPSS 0.00083
Exploits: 1, References: 2

EUVD
added 2025/11/05 12:0 a.m., 1 view

EUVD-2025-37926

exclusively-hosted-service A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...

CVSS 9.1, AI score 5.3, EPSS 0.00083
Exploits: 1, References: 3

Positive Technologies
added 2025/11/05 12:0 a.m., 1 view

PT-2025-45153

Name of the Vulnerable Software and Affected Versions: SelfBest version 2023.3. Description: A Stored Cross-Site Scripting (XSS) issue exists in the chat functionality of the SelfBest platform. Authenticated, low-privileged attackers can execute arbitrary JavaScript in the context of other users’...

CVSS 9.1, AI score 5.7, EPSS 0.00083
Exploits: 1, References: 4

Cvelist
added 2025/11/05 12:0 a.m., 7 views

CVE-2025-63416

exclusively-hosted-service A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the context of other users' sessions. This can be exploited to access administrativ...

EPSS 0.00083
Exploits: 1, References: 2

CVE
added 2025/11/05 12:0 a.m., 6 views

CVE-2025-63416

CVE-2025-63416 is a stored XSS vulnerability in SelfBest platform 2023.3 (chat feature). The issue allows authenticated, low-privileged users to execute arbitrary JavaScript in other sessions, potentially accessing administrative data and performing privilege escalation, including exfiltration of...

CVSS 9.1, AI score 5.5, EPSS 0.00083
Exploits: 1, References: 2, Affected Software: 1

Positive Technologies
added 2025/11/04 12:0 a.m., 2 views

PT-2025-45012

Name of the Vulnerable Software and Affected Versions: MeetingList plugin for WordPress versions prior to 0.11. Description: The software is susceptible to Stored Cross-Site Scripting through admin settings due to inadequate input sanitization and output escaping. This allows authenticated attackers...

CVSS 4.4, AI score 5.4, EPSS 0.00021
Exploits: 0, References: 4

NVD
added 2025/10/30 10:15 p.m., 4 views

CVE-2025-34273

Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling lower-privileged use...

CVSS 7.1, EPSS 0.00169
Exploits: 0, References: 3

OSV
added 2025/10/30 10:15 p.m., 1 view

CVE-2025-34273

Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling lower-privileged use...

CVSS 6.5, AI score 5.8, EPSS 0.00169
Exploits: 0, References: 3

CVE
added 2025/10/30 6:0 a.m., 9 views

CVE-2025-10636

The WordPress plugin NS Maintenance Mode for WP (versions up to 1.3.1) has a stored XSS flaw due to insufficient sanitization/escaping of certain settings, which could let high-privilege users (e.g., admins) inject scripts even when unfiltered_html is disallowed (multisite scenarios). PTSecurity/...

CVSS 3.5, AI score 5, EPSS 0.00022
Exploits: 0, References: 1

OSV
added 2025/10/27 6:15 a.m., 2 views

CVE-2025-12228

A vulnerability was identified in projectworlds Expense Management System 1.0. The impacted element is an unknown function of the file /public/admin/users/create of the component Users Page. The manipulation leads to cross site scripting. The attack is possible to be carried out remotely. The...

CVSS 4.8, AI score 4.1, EPSS 0.00034
Exploits: 1, References: 4

Positive Technologies
added 2025/10/27 12:0 a.m., 12 views

PT-2025-43882

Name of the Vulnerable Software and Affected Versions: projectworlds Expense Management System version 1.0. Description: A flaw exists in projectworlds Expense Management System that allows for cross site scripting. The issue is located in an unknown function within the /public/admin/users/create fi...

CVSS 4.8, AI score 5, EPSS 0.00034
Exploits: 1, References: 9

Positive Technologies
added 2025/10/24 12:0 a.m., 3 views

PT-2025-43609

Name of the Vulnerable Software and Affected Versions: WSO2 products, affected versions not specified. Description: The Try-It feature, accessible to administrative users, contains server-side request forgery (SSRF) and reflected cross-site scripting (XSS) issues. The feature does not properly validate...

CVSS 5.9, AI score 5.2, EPSS 0.00681
Exploits: 0, References: 10

OSV
added 2025/10/23 2:15 p.m., 1 view

CVE-2025-53701

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.1...

CVSS 6.1, AI score 5.8, EPSS 0.00025
Exploits: 0, References: 1

CVE
added 2025/10/23 1:39 p.m., 8 views

CVE-2025-53701

Vilar VS-IPC1002 IP cameras are affected by two confirmed issues documented across multiple sources. The vulnerability is a Reflected XSS in GET parameters sent to /cgi-bin/action, caused by inadequate sanitization which can target logged-in admin users. Additionally, DoS exposure exists where an...

CVSS 6.1, AI score 5.9, EPSS 0.00025
Exploits: 0, References: 1, Affected Software: 1

EUVD
added 2025/10/23 1:39 p.m., 1 view

EUVD-2025-35685

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.1...

CVSS 4.8, AI score 5.8, EPSS 0.00025
Exploits: 0, References: 2

Cvelist
added 2025/10/23 1:39 p.m., 6 views

CVE-2025-53701 XSS vulnerability in Vilar VS-IPC1002 IP cameras

Vilar VS-IPC1002 IP cameras are vulnerable to Reflected XSS (Cross-site Scripting) attacks, because parameters in GET requests sent to /cgi-bin/action endpoint are not sanitized properly, making it possible to target logged in admin users. The vendor did not respond in any way. Only version 1.1.0.1...

CVSS 4.8, EPSS 0.00025
Exploits: 0, References: 1

NVD
added 2025/10/18 7:15 a.m., 5 views

CVE-2025-10187

The GSpeech TTS – WordPress Text To Speech Plugin plugin for WordPress is vulnerable to SQL Injection via the 'field' parameter in all versions up to, and including, 3.17.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVSS 4.9, EPSS 0.00027
Exploits: 0, References: 3

OSV
added 2025/10/16 8:41 p.m., 2 views

GHSA-FG89-G389-P346 bagisto has a Cross Site Scripting (XSS) vulnerability in TinyMCE Image Upload (SVG)

Summary: In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted SVG file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. Details: The underlying probl...

CVSS 6.9, AI score 7.1, EPSS 0.00036
Exploits: 1, References: 4

Snyk
added 2025/10/16 6:42 p.m., 5 views

Cross-site Scripting (XSS)

Overview: librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Transport name field, which is stored and later rendered in the Transports column of...

CVSS 5.5, AI score 5.3, EPSS 0.00008
Exploits: 1, References: 2