Latest CVE Feed
-
6.1
MEDIUMCVE-2025-65572
Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to execute arbitrary code via the (1) config, (2) filename, or (3) extratext parameter to allskySettings.php. When the page is reloaded or when user visit... Read more
Affected Products : allsky- Published: Dec. 09, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-14200
A vulnerability has been found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected is an unknown function of the file /usersub.php of the component Request Pending Page. The manipulation le... Read more
Affected Products : hotel-management-services-using-mysql-and-php- Published: Dec. 07, 2025
- Modified: Dec. 11, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-65589
nopCommerce 4.90.0 is vulnerable to Cross Site Scripting (XSS) via the Attributes functionality.... Read more
Affected Products : nopcommerce- Published: Dec. 16, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-65120
Reflected cross-site scripting vulnerability exists in GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSession ZION prior to ver5.7.1. If a user accesses a crafted page or URL, an arbitrary script may be execu... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-34425
MailEnable versions prior to 10.54 contain a reflected cross-site scripting (XSS) vulnerability in the WindowContext parameter of /Mondo/lang/sys/Forms/MAI/compose.aspx. The WindowContext value is not properly sanitized when processed via a GET request an... Read more
Affected Products : mailenable- Published: Dec. 09, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-12834
The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failure_message' parameter in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This... Read more
Affected Products : accept_stripe_payments_using_contact_form_7- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-68387
Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) (CAPEC-63) via a vul... Read more
Affected Products : kibana- Published: Dec. 18, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-65790
A reflected cross-site scripting (XSS) vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim opens a crafted SVG contain... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-65442
DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information (e.g., user session cookies) via a crafted "wvstest" parameter in the URL or malici... Read more
Affected Products : novel- Published: Dec. 29, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-13513
The Clik stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for u... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-67443
Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of javascript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel.... Read more
Affected Products :- Published: Dec. 22, 2025
- Modified: Dec. 23, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-68509
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Jeff Starr User Submitted Posts user-submitted-posts allows Phishing.This issue affects User Submitted Posts: from n/a through <= 20251121.... Read more
Affected Products : user_submitted_posts- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2025-13988
The 评论小秘书 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` variable in all versions up to, and including, 1.3.2. This is due to insufficient input sanitization and output escaping on the `$_SERVER['PHP_SE... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-15355
ISOinsight developed by NetVision Information has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-64250
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wpWax Directorist directorist allows Phishing.This issue affects Directorist: from n/a through <= 8.5.6.... Read more
Affected Products : directorist- Published: Dec. 16, 2025
- Modified: Dec. 16, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2025-34440
AVideo versions prior to 20.1 contain an open redirect vulnerability caused by insufficient validation of the siteRedirectUri parameter during user registration. Attackers can redirect users to external sites, facilitating phishing attacks.... Read more
Affected Products : avideo- Published: Dec. 17, 2025
- Modified: Dec. 19, 2025
- Vuln Type: Information Disclosure
-
6.1
MEDIUMCVE-2025-68602
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Accept Donations with PayPal easy-paypal-donation allows Phishing.This issue affects Accept Donations with PayPal: from n/a through <= 1.5.1.... Read more
Affected Products : accept_donations_with_paypal- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
6.1
MEDIUMCVE-2025-14049
The VikRentItems Flexible Rental Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'delto' parameter in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This ... Read more
Affected Products :- Published: Dec. 12, 2025
- Modified: Dec. 12, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-66452
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json() includes user input in the error message, which gets reflected in responses. User input (inclu... Read more
Affected Products : librechat- Published: Dec. 11, 2025
- Modified: Dec. 15, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-68165
In JetBrains TeamCity before 2025.11 reflected XSS was possible on VCS Root setup... Read more
Affected Products : teamcity- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting