CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2025-16480

Malicious code in bioql PyPI...

6.4CVSS6.5AI score0.00196EPSS

Exploits0References7

RedhatCVE•added 2025/06/01 9:52 a.m.•7 views

CVE-2025-5235

The OpenSheetMusicDisplay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.8AI score0.00196EPSS

Exploits0References1

NVD•added 2025/05/30 10:15 a.m.•9 views

CVE-2025-5235

6.4CVSS0.00196EPSS

Exploits0References6

OSV•added 2025/05/30 10:15 a.m.•3 views

CVE-2025-5235

5.4CVSS5.9AI score

Exploits0References6

CVE•added 2025/05/30 9:22 a.m.•56 views

CVE-2025-5235

CVE-2025-5235 concerns the WordPress plugin OpenSheetMusicDisplay (versions up to and including 1.4.0). The root cause is insufficient input sanitization and output escaping of the className parameter, enabling stored cross-site scripting. Exploitation requires an attacker with Contributor-level ...

6.4CVSS5.8AI score0.00196EPSS

Exploits0References6Affected Software1

Vulnrichment•added 2025/05/30 9:22 a.m.•10 views

CVE-2025-5235 OpenSheetMusicDisplay <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter

6.4CVSS5.8AI score0.00196EPSS

Exploits0References6

Cvelist•added 2025/05/30 9:22 a.m.•22 views

CVE-2025-5235 OpenSheetMusicDisplay <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter

6.4CVSS0.00196EPSS

Exploits0References6

Patchstack•added 2025/05/30 6:45 a.m.•10 views

WordPress OpenSheetMusicDisplay plugin <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via className Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin OpenSheetMusicDisplay versions = 1.4.0...

6.4CVSS5.5AI score0.00196EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/05/30 12:0 a.m.•2 views

PT-2025-23278 · WordPress · Opensheetmusicdisplay

Name of the Vulnerable Software and Affected Versions: OpenSheetMusicDisplay plugin for WordPress versions up to, and including, 1.4.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping via the className parameter. This allo...

6.4CVSS5.7AI score0.00196EPSS

Exploits0References12

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by