CVE-2025-23701

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in limesquare Lime Developer Login lime-developer-login allows Reflected XSS.This issue affects Lime Developer Login: from n/a through = 1.4.0...

EUVD-2024-22240

Malicious code in bioql PyPI...

CVE-2022-43271

Inhabit Systems Pty Ltd Move CRM version 4, build 260 was discovered to contain a cross-site scripting XSS vulnerability via the User profile component...

CVE-2024-29129

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPLIT Pty Ltd OxyExtras allows Reflected XSS.This issue affects OxyExtras: from n/a through 1.4.4...

CVE-2025-23701

CVE-2025-23701 describes a Reflected XSS in Lime Developer Login (Lime Developer Login by LimeSquare Pty Ltd) caused by improper neutralization of input during web page generation. Affected: Lime Developer Login, version range v1.0 through v1.4.0 (as stated). The Red Hat CVE record confirms the s...

CVE-2024-52341

CVE-2024-52341 is a stored Cross-Site Scripting vulnerability affecting the WordPress plugin “OS Our Team” (OS Our Team) version

CVE-2024-29129 WordPress OxyExtras plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPLIT Pty Ltd OxyExtras allows Reflected XSS.This issue affects OxyExtras: from n/a through 1.4.4...

CVE-2024-24877

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS.This issue affects Wonder Slider Lite: from n/a through 13.9...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS.This issue affects Wonder Slider Lite: from n/a through 13.9...

CVE-2024-24877

CVE-2024-24877 affects Wonder Slider Lite (Wonderplugin Slider Lite) up to version 13.9. This is a Reflected XSS caused by improper neutralization of input during web page generation. Public details from NVD indicate CVSS v3.1 base score around 6.1 (MEDIUM); PatchStack and related entries list a ...

CVE-2024-24877 WordPress Wonder Slider Lite Plugin <= 13.9 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS.This issue affects Wonder Slider Lite: from n/a through 13.9...

Graylog session fixation vulnerability through cookie injection

Impact Reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject...

CVE-2023-43295

Cross Site Request Forgery vulnerability in Click Studios SA Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request...

Cross site request forgery (csrf)

Shop Beat Solutions Pty LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Cross Site Request Forgery CSRF...

Code injection

Shop Beat Solutions Pty LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions...

Cross site scripting

Shop Beat Solutions Pty LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting XSS vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za controlpanel.shopbeat.co.za...

CVE-2022-36246

CVE-2022-36246 affects Shop Beat Media Player versions 2.5.95 through 3.2.57. The issue is an insecure permissions vulnerability in the product, with high impact on confidentiality, integrity, and availability (CVSS 3.1: 9.8, Network attack, no user interaction). Root cause and technical exploit ...

CVE-2022-36250

Shop Beat Media Player versions 2.5.95 through 3.2.57 are affected by a Cross Site Request Forgery (CSRF) vulnerability. The vulnerability enables CSRF attacks that could trick authenticated users into performing unintended actions. The connected PT-2023-13467 entry notes a CSRF issue and recomme...

CVE-2022-36246 Shop Beat Services Vulnerable To Insecure Permissions

Shop Beat Solutions Pty LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions...

CVE-2022-36247

Shop Beat Media Player versions 2.5.95–3.2.57 are vulnerable to an Insecure Direct Object Reference (IDOR) via controlpanel.shopbeat.co.za. The root cause is IDOR, leading to unauthorized access to resources; CVSS 3.1 indicates high confidentiality and integrity impact (score 9.1). No patch/versi...