CVE-2025-66078

creationtimestamp| type| source ---|---|--- 2025-12-18 09:04:17+00:00| seen| https://infosec.exchange/users/offseq/statuses/115739764726607735 2025-12-18 09:04:18+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3maaszifayo27 2025-12-18 09:27:54+00:00| seen|...

EUVD-2023-60199

Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post...

CVE-2023-53932

Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post...

CVE-2025-20393

creationtimestamp| type| source ---|---|--- 2025-12-17 17:03:45+00:00| seen| https://infosec.exchange/users/AAKL/statuses/115735906228666088 2025-12-17 17:17:20+00:00| seen| https://bsky.app/profile/pylos.co/post/3ma7645ozwk2t 2025-12-17 17:23:48+00:00| seen|...

CVE-2025-13352

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to the improper validation of plugin bot identity. An attacker can cause users to add reactions to arbitrary GitHub objects by sending crafted notification posts. Remediation Upgrade...

CVE-2025-13352 Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking

Mattermost versions 10.11.x = 10.11.6 and Mattermost GitHub plugin versions =2.4.0 fail to validate plugin bot identity in reaction forwarding which allows attackers to hijack the GitHub reaction feature to make users add reactions to arbitrary GitHub objects via crafted notification posts...

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...

PT-2025-51970

Name of the Vulnerable Software and Affected Versions Serendipity version 2.4.0 Description An authenticated user can inject malicious scripts through blog entry creation. An attacker can create blog entries with JavaScript payloads that execute when other users view the compromised post. This is...

EUVD-2025-203838

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...

CVE-2025-65518

creationtimestamp| type| source ---|---|--- 2025-12-16 15:00:07+00:00| published-proof-of-concept| Telegram/vMapVwBTPoziYsVhraiOr2XjKllgeKD5X4QLNBfOpeW9ZJY 2026-01-08 18:58:47+00:00| seen| https://infosec.exchange/users/cR0w/statuses/115861010964456359 2026-01-08 19:40:58+00:00| seen|...

EUVD-2025-203499

The Auto Featured Image Auto Post Thumbnail plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkactiongeneratehandler function in all versions up to, and including, 4.2.1. This makes it possible for authenticated attackers, with...

CVE-2025-66402

Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue...

CVE-2025-65590

CVE-2025-65590 affects nopCommerce 4.90.0. The vulnerability is a Cross-Site Scripting (XSS) flaw exploitable via the Blog posts functionality in the Content Management area. The initial report does not provide exact vulnerable component details beyond the Blog posts feature; Red Hat and EUVD mir...

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...

nopCommerce 安全漏洞

nopCommerce is an open source, general purpose e-commerce platform from nopCommerce, Inc. A security vulnerability exists in nopCommerce version 4.90.0, which stems from cross-site scripting in the Blog posts feature in the content management area...

Misskey 安全漏洞

Misskey is a permanently free open source syndicated social media platform from Misskey Open Source. A security vulnerability exists in Misskey version 13.0.0-beta.16 through versions prior to 2025.12.0, which stems from a participant who does not have permission to view favorites or clips being...

CVE-2025-65590

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Blog posts functionality in the Content Management area...