CVE-2025-10088

CVE-2025-10088 affects SourceCodester Time Tracker 1.0. An unknown function in /index.html is vulnerable when manipulating the project-name parameter, enabling cross-site scripting that could be triggered remotely. Exploit is publicly available (PoC). A practical interim mitigation from PT-2025-3...

CVE-2025-10064

A security flaw has been discovered in itsourcecode POS Point of Sale System 1.0. This issue affects some unknown processing of the file /inventory/main/vendors/datatables/unittesting/templates/domdatatwoheaders.php. The manipulation of the argument scripts results in cross site scripting. The...

CVE-2025-9940

A vulnerability was detected in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /feature.php. Performing manipulation of the argument msg results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used...

CVE-2025-9922

A security vulnerability has been detected in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Such manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has bee...

CVE-2025-9921

A weakness has been identified in code-projects POS Pharmacy System 1.0. Affected is an unknown function of the file /main/products.php. This manipulation of the argument productcode/genname/productname/supplier causes cross site scripting. The attack can be initiated remotely. The exploit has be...

CVE-2025-9734 O2OA Personal Profile stat cross site scripting

A security flaw has been discovered in O2OA up to 10.0-410. The impacted element is an unknown function of the file /xqueryassembledesigner/jaxrs/stat of the component Personal Profile Page. The manipulation of the argument name/alias/description/applicationName results in cross site scripting. T...

PT-2025-35247

Name of the Vulnerable Software and Affected Versions: O2OA versions prior to 10.0-410 Description: A cross-site scripting issue exists in O2OA’s Personal Profile Page component. The issue is related to an unknown function within the /x portal assemble designer/jaxrs/widget file. Successful...

Linux Distros Unpatched Vulnerability : CVE-2018-25052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in Catalyst-Plugin-Session up to 0.40 and classified as problematic. This vulnerability affects the function loadsessionid of the...

CVE-2025-9439

A weakness has been identified in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this vulnerability is an unknown functionality of the file /rse/admin/editfaculty.php?id=2. This manipulation of the argument Name causes cross site scripting. The attack is...

CVE-2025-9404

A vulnerability was identified in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file /pointHierarchySLTS of the component Folder Handler. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...

CVE-2025-9234

A vulnerability was detected in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file maintenanceevents.shtm. The manipulation of the argument Alias results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used...

PT-2025-33743 · Scada-Lts · Scada-Lts

Name of the Vulnerable Software and Affected Versions: Scada-LTS version 2.7.8.1 Description: A security issue exists in Scada-LTS 2.7.8.1 related to the processing of the view edit.shtm file within the SVG File Handler component. Manipulation of the backgroundImageMP argument can lead to...

CVE-2025-8919

A vulnerability was determined in Portabilis i-Diario up to 1.6. Affected is an unknown function of the file /objetivos-de-aprendizagem-e-habilidades of the component History Page. The manipulation of the argument código/objetivo habilidade leads to cross site scripting. It is possible to launch...

CVE-2025-8785

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. This issue affects some unknown processing of the file /intranet/educarusuariolst.php. The manipulation of the argument nmpessoa/matricula/matriculainterna leads to cross site scripting. The...

CVE-2025-8545

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /intranet/educarmotivoafastamentocad.php. The manipulation of the argument nmmotivo leads to cross site scripting. The attack may be...

CVE-2025-8211

A vulnerability was found in Roothub up to 2.6. It has been declared as problematic. Affected by this vulnerability is the function Edit of the file src/main/java/cn/roothub/web/admin/SystemConfigAdminController.java. The manipulation leads to cross site scripting. The attack can be launched...

CVE-2025-8115

A vulnerability has been found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/new-autoortaxi-entry-form.php. The manipulation of the argument registrationnumber/licensenumber leads to cros...

CVE-2025-6778

A vulnerability, which was classified as problematic, was found in code-projects Food Distributor Site 1.0. Affected is an unknown function of the file /admin/savesettings.php. The manipulation of the argument sitephone/siteemail/address leads to cross site scripting. It is possible to launch the...

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of website structures, allowing attackers to carry out cross-site scripting attacks.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

CVE-2025-6347

A vulnerability was found in code-projects Responsive Blog 1.0/1.12.4/3.3.4. It has been declared as problematic. This vulnerability affects unknown code of the file /responsive/resblog/blogadmin/admin/pageViewMembers.php. The manipulation leads to cross site scripting. The attack can be initiate...