Lucene search
K

377 matches found

Vulnrichment
Vulnrichment
added 2025/11/21 9:27 a.m.2 views

CVE-2025-12160 Simple User Registration <= 6.6 - Unauthenticated Stored Cross-Site Scripting

The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpradminmsg' parameter in all versions up to, and including, 6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS4.9AI score0.00198EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/21 9:27 a.m.4 views

EUVD-2025-198431

The Simple User Registration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpradminmsg' parameter in all versions up to, and including, 6.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS4.8AI score0.00198EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/21 12:0 a.m.6 views

PT-2025-47713

Name of the Vulnerable Software and Affected Versions Simple User Registration versions up to and including 6.6 Description The Simple User Registration plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the wp...

7.2CVSS5.9AI score0.00198EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/11/14 1:3 p.m.7 views

CVE-2025-40681

Cross-site Scripting XSS vulnerability reflected in xCally's Omnichannel v3.30.1. This vulnerability allowsan attacker to executed JavaScript code in the victim's browser by sending them a malicious URL using the 'failureMessage' parameter in '/login'. This vulnerability can be exploited to steal...

5.1CVSS6.3AI score0.00274EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/11 3:31 p.m.5 views

EUVD-2025-84355

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'replymessage' in '/messages/reply'...

5.1CVSS6.8AI score0.00158EPSS
Exploits0References2
NVD
NVD
added 2025/11/11 1:15 p.m.7 views

CVE-2025-41103

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'replymessage' in '/messages/reply'...

5.4CVSS0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/11 12:16 p.m.10 views

CVE-2025-41103 Multiple vulnerabilities in Fairsketch's RISE CRM Framework

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'replymessage' in '/messages/reply'...

5.1CVSS0.00158EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/11 12:16 p.m.4 views

CVE-2025-41103 Multiple vulnerabilities in Fairsketch's RISE CRM Framework

HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'replymessage' in '/messages/reply'...

5.1CVSS6.9AI score0.00158EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/27 10:32 a.m.2 views

CVE-2025-12264 Wisencode Create Support Ticket create cross site scripting

A security flaw has been discovered in Wisencode up to 20251012. Affected by this vulnerability is an unknown functionality of the file /support-ticket/create of the component Create Support Ticket Handler. The manipulation of the argument Message results in cross site scripting. The attack may b...

5.1CVSS5.4AI score0.0022EPSS
Exploits1References3
CVE
CVE
added 2025/10/27 10:32 a.m.14 views

CVE-2025-12264

Wisencode (up to 20251012) contains a cross-site scripting flaw in the Create Support Ticket Handler, specifically the /support-ticket/create endpoint. The issue arises from manipulation of the Message parameter, enabling XSS and potentially enabling remote exploitation. Public advisories consist...

5.1CVSS5.4AI score0.0022EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/10/27 10:32 a.m.7 views

CVE-2025-12264 Wisencode Create Support Ticket create cross site scripting

A security flaw has been discovered in Wisencode up to 20251012. Affected by this vulnerability is an unknown functionality of the file /support-ticket/create of the component Create Support Ticket Handler. The manipulation of the argument Message results in cross site scripting. The attack may b...

5.1CVSS0.0022EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.4 views

PT-2025-43931

Name of the Vulnerable Software and Affected Versions Wisencode versions prior to 20251013 Description A security flaw exists in Wisencode up to version 20251012. This issue affects an unknown functionality within the Create Support Ticket Handler component, specifically the file...

5.1CVSS5.3AI score0.0022EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.4 views

Wisencode Infotech Wisenshop 代码注入漏洞

Wisencode Infotech Wisenshop is an online shopping platform from India Wisencode Infotech. A code injection vulnerability exists in Wisencode Infotech Wisenshop 20251012 and earlier versions, which stems from an incorrect manipulation of the parameter Message in the file /support-ticket/create,...

5.1CVSS4.7AI score0.0022EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/10/25 8:29 a.m.10 views

CVE-2025-12017

The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

6.1CVSS5.6AI score0.00201EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/24 8:24 a.m.5 views

EUVD-2025-35807

The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

6.1CVSS5.2AI score0.00201EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/24 8:24 a.m.8 views

CVE-2025-12017 VNPAY for Woocommerce <= 1.0.0 - Reflected Cross-Site Scripting

The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

6.1CVSS0.00201EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/24 8:24 a.m.3 views

CVE-2025-12017 VNPAY for Woocommerce <= 1.0.0 - Reflected Cross-Site Scripting

The VNPAY Payment gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...

6.1CVSS5.2AI score0.00201EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/24 12:0 a.m.4 views

PT-2025-43599

Name of the Vulnerable Software and Affected Versions VNPAY Payment gateway plugin for WordPress versions up to and including 1.0.0 Description The VNPAY Payment gateway plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping...

6.1CVSS5.6AI score0.00201EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-24812

Malware in sbrugna...

6.1CVSS6.3AI score0.00819EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-1688

Malware in sbrugna...

4.3CVSS6.4AI score0.01167EPSS
Exploits0References4
Rows per page
Query Builder