Latest CVE Feed
-
6.1
MEDIUMCVE-2025-12300
A weakness has been identified in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addcategory.php. This manipulation of the argument cname causes cross site scripting. The attack can be initiated remo... Read more
Affected Products : simple_food_ordering_system- Published: Oct. 27, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-42886
Due to a Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim accesses this link, the injected input is proces... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-27064
Information disclosure while registering commands from clients with diag through diagHal.... Read more
Affected Products : qca6574au_firmware qca6595au_firmware sa6155p_firmware sa8155p_firmware sa8195p_firmware wcd9380_firmware wcn3980_firmware wsa8830_firmware wsa8835_firmware ipq9008_firmware +144 more products- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Information Disclosure
-
6.1
MEDIUMCVE-2025-47362
Information disclosure while processing message from client with invalid payload.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware +66 more products- Published: Nov. 04, 2025
- Modified: Nov. 05, 2025
- Vuln Type: Information Disclosure
-
6.1
MEDIUMCVE-2025-12302
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. The affected element is an unknown function of the file /editproduct.php. Performing manipulation of the argument pname/category/price results in cross site scripting. The atta... Read more
Affected Products : simple_food_ordering_system- Published: Oct. 27, 2025
- Modified: Nov. 03, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-48095
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through <= 5.1.8.8.... Read more
Affected Products : survey_maker- Published: Oct. 22, 2025
- Modified: Oct. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-42924
SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated attacker to craft malicious links, when clicked the victim could be redirected to the page controlled by the attacker. This has low impact on confidentiality and integrity of the applica... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Server-Side Request Forgery
-
6.1
MEDIUMCVE-2025-12021
The WP-OAuth plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'error_description' parameter in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unau... Read more
Affected Products :- Published: Nov. 11, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-59491
Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields.... Read more
Affected Products :- Published: Nov. 12, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-41384
Cross-Site Scripting (XSS) vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain with malicious JavaScript code at the end. The ser... Read more
Affected Products : suitecrm- Published: Oct. 27, 2025
- Modified: Oct. 28, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-63544
TechStore 1.0 is vulnerable to Cross Site Scripting (XSS) in /order_notes via the id parameter.... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-47890
An URL Redirection to Untrusted Site vulnerabilities [CWE-601] in FortiOS 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiProxy 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0 all versions;... Read more
- Published: Oct. 14, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2025-63447
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /add_customer.php.... Read more
Affected Products : water_management_system- Published: Nov. 03, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-63639
The chat feature in the application Sourcecodester FAQ Bot with AI Assistant v1.0 is vulnerable to Cross-Site Scripting (XSS) due to improper handling of user-supplied input. An attacker can inject malicious HTML or JavaScript into chat messages, which ex... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-63418
A DOM-based Cross-Site Scripting (XSS) vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads via the browser's developer console. The vulnerability... Read more
Affected Products : selfbest- Published: Nov. 05, 2025
- Modified: Nov. 07, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-12789
A flaw was found in Red Hat Single Sign-On. This issue is an Open Redirect vulnerability that occurs during the logout process. The redirect_uri parameter associated with the openid-connect logout protocol does not properly validate the provided URL.... Read more
Affected Products :- Published: Nov. 07, 2025
- Modified: Nov. 12, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2025-53058
Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Application Logging Interfaces). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker wit... Read more
Affected Products : applications_manager- Published: Oct. 21, 2025
- Modified: Oct. 23, 2025
-
6.1
MEDIUMCVE-2025-53055
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with net... Read more
Affected Products : peoplesoft_enterprise_peopletools- Published: Oct. 21, 2025
- Modified: Oct. 23, 2025
-
6.1
MEDIUMCVE-2025-12471
The Hubbub Lite – Fast, free social sharing and follow buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dpsp_list_attention_search' parameter in all versions up to, and including, 1.36.0 due to insufficient input sanit... Read more
Affected Products :- Published: Nov. 06, 2025
- Modified: Nov. 06, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-49904
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Reflected XSS.This issue affects Booking and Rental Manager: ... Read more
Affected Products : booking_\&_rental_manager- Published: Nov. 06, 2025
- Modified: Nov. 10, 2025
- Vuln Type: Cross-Site Scripting