WordPress plugin Station Pro Cross-Site Scripting Vulnerability
WordPress Station Pro is a plugin designed for the WordPress platform, mainly used to enhance the functionality of the website and provide audio streaming management solutions. WordPress Station Pro suffers from a cross-site scripting vulnerability that stems from insufficient input cleanup and...
SAMSUNG MagicINFO 9 Server File Upload Vulnerability (CNVD-2025-20804)
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. A file upload vulnerability exists in SAMSUNG MagicINFO 9 Server, which stems from a failure to perform strict checks on uploaded file types. An attacker can...
WordPress plugin Voltax Video Player Cross-Site Scripting Vulnerability
WordPress Voltax Video Player is a video plugin for the WordPress platform, developed by Minute Media, which is mainly used to embed videos and playlists from Minute Media's online video platform into WordPress websites. WordPress Voltax Video Player suffers from a cross-site scripting...
SAMSUNG MagicINFO 9 Server File Upload Vulnerability (CNVD-2025-20800)
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. A file upload vulnerability exists in SAMSUNG MagicINFO 9 Server, which stems from a failure to perform strict checks on uploaded file types. An attacker can...
PT-2025-30678 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 14.4 and dev master commit 8a8954ff Description: A cross-site scripting (XSS) vulnerability exists due to the PlaylistOwnerUsersId parameter functionality within the managerPlaylists component. A specially crafted HTTP...
SAMSUNG MagicINFO 9 Server File Upload Vulnerability (CNVD-2025-20803)
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. A file upload vulnerability exists in SAMSUNG MagicINFO 9 Server, which stems from a failure to perform strict checks on uploaded file types. An attacker can...
CVE-2025-6054
The CVE-2025-6054 entry concerns the WordPress YANewsflash plugin (versions ≤ 1.0.3) with a Cross-Site Request Forgery (CSRF) vulnerability stemming from missing/incorrect nonce validation on yanewsflash/yanewsflash.php. This CSRF can allow unauthenticated attackers to trigger actions on behalf o...
SAMSUNG MagicINFO 9 Server Security Vulnerability
SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. A file upload vulnerability exists in SAMSUNG MagicINFO 9 Server, which stems from a failure to perform strict checks on uploaded file types. An attacker can...
CVE-2025-7687
The Latest Post Accordian Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the 'lpaccordian' page. This makes it possible for unauthenticated attackers to update settings and...
Cross-site Scripting (XSS)
org.glassfish.main.admingui:console-cluster-plugin and org.glassfish.main.admingui:console-common are vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization caused by the Administration Console failing to adequately validate user-supplied input, enabling t...
CVE-2025-54078
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the personalizacaoimagem.php endpoint of the WeGIA application. This vulnerability allows...
PT-2025-30174 · Portabilis · I-Diario
Name of the Vulnerable Software and Affected Versions: Portabilis i-Diario version 1.5.0 Description: A problematic issue exists due to the manipulation of the Justificativa argument, leading to cross-site scripting. The issue affects unknown processing of the file /justificativas-de-falta. The...
PT-2025-30131 · Phpgurukul · Phpgurukul Apartment Visitors Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Apartment Visitors Management System version 1.0 Description: A cross-site scripting issue exists due to the manipulation of the visname argument within the HTTP POST Request Handler in the /bwdates-reports.php file. The attack can...
CVE-2025-53929
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionarcor.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject...
CVE-2025-49486
A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items...
CVE-2025-49486 Extension - balbooa.com - Stored XSS in Balbooa Gallery component version 1.0.0 - 2.4.0 for Joomla
A stored XSS vulnerability in the Balbooa Gallery plugin 1.0.0-2.4.0 for Joomla allows privileged users to store malicious scripts in gallery items...
CVE-2025-6053 Zuppler Online Ordering <= 2.1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Zuppler Online Ordering plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.0. This is due to missing or incorrect nonce validation on the 'zuppler-online-ordering-options' page. This makes it possible for unauthenticated attackers to...
PT-2025-29932 · Zcms · Zcms
Name of the Vulnerable Software and Affected Versions: ZCMS version 3.6.0 Description: A problematic issue exists in ZCMS 3.6.0 within the Create Article Page component. Manipulation of the Title argument can lead to cross-site scripting. The attack can be initiated remotely, and the exploit has...
CVE-2025-53822
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the relatoriogeracao.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to...