PT-2025-5054 · Unknown · Fures Xtra Settings

Name of the Vulnerable Software and Affected Versions: fures XTRA Settings versions n/a through 2.1.8 Description: The issue is related to improper neutralization of input during web page generation, which allows for Reflected XSS. This means that an attacker can inject malicious scripts into the...

PT-2025-2471 · Blossom Themes · Blossom Themes Vandana Lite

Name of the Vulnerable Software and Affected Versions: Blossom Themes Vandana Lite versions 1.1.9 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the software, allowing unauthorized actions to be performed on behalf of a user. Recommendations: For versions 1.1.9 and...

PT-2024-27581

Name of the Vulnerable Software and Affected Versions Woffice Core versions through 5.4.8 Description A Cross Site Scripting XSS vulnerability in WofficeIO Woffice Core allows Reflected XSS. Recommendations For versions through 5.4.8, update to a version later than 5.4.8 to resolve the issue. At...

CuteNews vulnerable to cross-site scripting

Overview Cute News provided by CutePHP.com is a system to manage news. Cute News contains a cross-site scripting vulnerability CWE-79. During the meeting of Committee for authorizing the disclosure of unresolved vulnerabilities held on January 16, 2020, it was judged that an advisory for this...