CVE-2025-9388

A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function of the file watchlist.shtm. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be...

CVE-2025-9434

A vulnerability was determined in 1000projects Online Project Report Submission and Evaluation System 1.0. This affects an unknown function of the file /admin/edittitle.php?id=1. Executing manipulation of the argument desc can lead to cross site scripting. The attack may be launched remotely. The...

CVE-2025-9438

CVE-2025-9438 affects 1000projects Online Project Report Submission and Evaluation System version 1.0. The vulnerability is a cross-site scripting flaw triggered by manipulating the address argument in the /admin/add_student.php function/file. It can be exploited remotely, and public exploits hav...

CVE-2025-9431 mtons mblog search cross site scripting

A flaw has been found in mtons mblog up to 3.5.0. Impacted is an unknown function of the file /search. This manipulation of the argument kw causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used...

PT-2025-34736

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A SQL injection issue exists in an unknown functionality of the file /fund/add fund.php. Manipulation of the ID argument can trigger the issue, allowing for remote attacks. The...

CVE-2025-9420

Itsourcecode Apartment Management System 1.0 is affected. The vulnerability resides in the file /floor/addfloor.php where manipulation of the hdnid parameter enables a SQL injection. The attack is exploitable remotely and, per linked advisories, the exploit has been published. Some sources recomm...

CVE-2025-9419

The CVE concerns itsourcecode Apartment Management System 1.0. The vulnerability is a SQL injection in /unit/addunit.php triggered by manipulating the ID parameter, exploitable remotely, with a publicly available exploit. Impact in the sources ranges from partial to high confidentiality, integrit...

CVE-2025-9238

A vulnerability was determined in Swatadru Exam-Seating-Arrangement up to 97335ccebf95468d92525f4255a2241d2b0b002f. Affected is an unknown function of the file /student.php of the component Student Login. Executing manipulation of the argument email can lead to sql injection. It is possible to...

CVE-2025-9156

A vulnerability was found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/sports.php. Performing manipulation of the argument code results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public...

CVE-2025-9147

A vulnerability has been found in jasonclark getsemantic up to 040c96eb8cf9947488bd01b8de99b607b0519f7d. The impacted element is an unknown function of the file /index.php. The manipulation of the argument view leads to cross site scripting. Remote exploitation of the attack is possible. The...

CVE-2025-9236

A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educartipousuariolst.php of the component Tipos de usuàrio Page. Such manipulation of the argument nmtipo/descrição leads to sql injection. The attack may be performed from a...

CVE-2025-9237

CodeAstro Ecommerce Website 1.0 is affected by a cross-site scripting (XSS) issue in the Edit Your Account Page, specifically via manipulation of the Username parameter in /customer/my_account.php?edit_account. The vulnerability originates from an unknown function in that page; exploitation can b...

CVE-2025-9235

A flaw has been found in Scada-LTS up to 2.7.8.1. The impacted element is an unknown function of the file compoundevents.shtm. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used...

CVE-2025-9234

The CVE-2025-9234 issue affects Scada-LTS prior to 2.7.8.2. The vulnerability is a cross-site scripting (XSS) flaw arising from improper handling of the Alias parameter in maintenance_events.shtm, allowing remote attacker-controlled input to be executed in users’ browsers. Multiple sources confir...

CVE-2025-9108

Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. It is possible to launch the attack remotely...

PT-2025-34137 · Scada-Lts · Scada-Lts

Name of the Vulnerable Software and Affected Versions: Scada-LTS versions prior to 2.7.8.2 Description: A flaw has been found in Scada-LTS. The impacted element is an unknown function of the file compound events.shtm. Manipulation of the argument Name causes cross site scripting. The attack is...

CVE-2025-9170

SolidInvoice up to 2.4.0 has a cross-site scripting vulnerability in the Tax Rates Module, affecting an unknown function in /tax/rates where manipulating the Name parameter enables remote exploitation. Public PoC/exploitation steps are linked in multiple sources. Remediation provided in connected...

CVE-2025-9156 itsourcecode Sports Management System sports.php sql injection

A vulnerability was found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/sports.php. Performing manipulation of the argument code results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public...

CVE-2025-9138

Summary of CVE-2025-9138 (Scada-LTS 2.7.8.1) : A cross-site scripting vulnerability exists in the file path pointHierarchy/new/ where manipulation of the Title argument can trigger XSS. The issue appears to be exploitable remotely and the exploit has been made public. Public documents consistentl...

PT-2025-33882 · Unknown · Solidinvoice

Name of the Vulnerable Software and Affected Versions: SolidInvoice versions prior to 2.4.1 Description: A vulnerability exists in SolidInvoice that allows for cross site scripting. The issue is located in an unknown function within the /tax/rates file of the Tax Rates Module. Manipulation of the...