Latest CVE Feed
-
6.1
MEDIUMCVE-2025-9946
The LockerPress – WordPress Security Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthen... Read more
Affected Products :- Published: Sep. 30, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.1
MEDIUMCVE-2025-53354
NiceGUI is a Python-based UI framework. Versions 2.24.2 and below are at risk for Cross-Site Scripting (XSS) when developers render unescaped user input into the DOM using ui.html(). NiceGUI did not enforce HTML or JavaScript sanitization, so applications... Read more
Affected Products :- Published: Oct. 03, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-60961
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts.... Read more
- Published: Oct. 06, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-11282
A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing manipulation results in cross site scripting. Remote exploitation of the attack is possible. The ... Read more
Affected Products : learning- Published: Oct. 05, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-57444
An authenticated cross-site scripting (XSS) vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description param... Read more
Affected Products :- Published: Oct. 01, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-57769
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If em... Read more
Affected Products : freshrss- Published: Sep. 29, 2025
- Modified: Oct. 03, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-9884
The Mobile Site Redirect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers... Read more
Affected Products :- Published: Oct. 03, 2025
- Modified: Oct. 06, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.1
MEDIUMCVE-2025-8887
Authorization Bypass Through User-Controlled Key, Missing Authorization, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Forceful Browsing, Parameter Injection, Input Data Ma... Read more
Affected Products :- Published: Oct. 10, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Authorization
-
6.1
MEDIUMCVE-2025-11512
A vulnerability was found in code-projects Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/voters_add.php. The manipulation of the argument Firstname/Lastname/Platform results in cross site scripting. The attack ... Read more
Affected Products : voting_system- Published: Oct. 09, 2025
- Modified: Oct. 10, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-60453
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the column management module, specifically in the app\system\column\admin\index.class.php component. The vulnerability allows att... Read more
Affected Products : metinfo- Published: Oct. 03, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-60452
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the download management module, specifically in the app\system\download\admin\download_admin.class.php component. The vulnerabili... Read more
Affected Products : metinfo- Published: Oct. 03, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-60451
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\uploadify.class.php component, ... Read more
Affected Products : metinfo- Published: Oct. 03, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-60450
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists due to insufficient validation and sanitization of SVG file uploads in the app\system\include\module\editor\Uploader.class.php compo... Read more
Affected Products : metinfo- Published: Oct. 03, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-61087
SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the Customer Name field under Customer Management Section.... Read more
Affected Products : pet_grooming_management_software- Published: Oct. 02, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-60454
A stored Cross-Site Scripting (XSS) vulnerability has been discovered in MetInfo CMS version 8.0. The vulnerability exists in the image management module, specifically in the app\system\img\admin\img_admin.class.php component. The vulnerability allows att... Read more
Affected Products : metinfo- Published: Oct. 03, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-61587
Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECT_DOMAINS is not set. An attacker can craft a URL on the legitimate... Read more
Affected Products : weblate- Published: Oct. 01, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2025-56018
SourceCodester Web-based Pharmacy Product Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in Category Management via the category name field.... Read more
- Published: Sep. 30, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-56154
htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in the HTML response, allowing attackers to inject arbitrary JavaScript... Read more
Affected Products : htmly- Published: Oct. 02, 2025
- Modified: Oct. 07, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-59764
Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identif... Read more
Affected Products : e-tms- Published: Oct. 02, 2025
- Modified: Oct. 02, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-10357
The Simple SEO WordPress plugin before 2.0.32 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.... Read more
Affected Products :- Published: Oct. 14, 2025
- Modified: Oct. 14, 2025
- Vuln Type: Cross-Site Scripting