CVE-2019-25731 Zuz Music 2.1 Persistent Cross-site Scripting via zuzconsole Contact

Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inject script code through the name, subject, and message parameters in POST requests to...

EUVD-2025-150400

A stored cross-site scripting XSS vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the application's message system. Unsanitized message content submitted by one user is persisted by the server and later rendered in another user's Inbox view without appropriate context-aware...

Cross-site Scripting (XSS)

Overview ph7software/ph7builder is a pH7Builder. Social Dating Web App Site Builder Affected versions of this package are vulnerable to Cross-site Scripting XSS via the message content field in the application's messaging system. An attacker can execute arbitrary scripts in the context of another...

CVE-2025-63645

CVE-2025-63645 is a stored XSS in pH7Software pH7-Social-Dating-CMS 17.9.1, affecting the messaging system where unsanitized message content is persisted and later rendered in Inbox view without proper encoding, allowing attacker-controlled content to execute in a recipient’s browser. Public docs...

Optus/Huawei E960 HSDPA Router - Sms Cross-Site Scripting

XSS Attack using SMS to Optus/Huawei E960 HSDPA Router Synopsis -------- Huawei E960 HSDPA Router firmware version 246.11.04.11.110sp04 is vulnerable to XSS attack using SMS. One of the feature of this router is the ability to send and receive SMS through its web interface. The SMS text is...