Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-6509

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-23 Jun, 2025 | 15:31
Updated At-23 Jun, 2025 | 15:48
Rejected At-
Credits

seaswalker spring-analysis SimpleController.java echo cross site scripting

A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:23 Jun, 2025 | 15:31
Updated At:23 Jun, 2025 | 15:48
Rejected At:
▼CVE Numbering Authority (CNA)
seaswalker spring-analysis SimpleController.java echo cross site scripting

A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Affected Products
Vendor
seaswalker
Product
spring-analysis
Versions
Affected
  • 4379cce848af96997a9d7ef91d594aa129be8d71
Problem Types
TypeCWE IDDescription
CWECWE-79Cross Site Scripting
CWECWE-94Code Injection
Type: CWE
CWE ID: CWE-79
Description: Cross Site Scripting
Type: CWE
CWE ID: CWE-94
Description: Code Injection
Metrics
VersionBase scoreBase severityVector
4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
3.13.5LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
3.03.5LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
2.04.0N/A
AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Version: 3.0
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Version: 2.0
Base score: 4.0
Base severity: N/A
Vector:
AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
ShenxiuSecurity (VulDB User)
Timeline
EventDate
Advisory disclosed2025-06-23 00:00:00
VulDB entry created2025-06-23 02:00:00
VulDB entry last update2025-06-23 11:00:34
Event: Advisory disclosed
Date: 2025-06-23 00:00:00
Event: VulDB entry created
Date: 2025-06-23 02:00:00
Event: VulDB entry last update
Date: 2025-06-23 11:00:34
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.313621
vdb-entry
technical-description
https://vuldb.com/?ctiid.313621
signature
permissions-required
https://vuldb.com/?submit.592962
third-party-advisory
https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250609-01/report.md
exploit
https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250609-01/report.md#steps-to-reproduce
exploit
Hyperlink: https://vuldb.com/?id.313621
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.313621
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.592962
Resource:
third-party-advisory
Hyperlink: https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250609-01/report.md
Resource:
exploit
Hyperlink: https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250609-01/report.md#steps-to-reproduce
Resource:
exploit
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:23 Jun, 2025 | 16:15
Updated At:23 Jun, 2025 | 20:16

A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.1MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.13.5LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Secondary2.04.0MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
Type: Secondary
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 3.5
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 2.0
Base score: 4.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:N/I:P/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-79Primarycna@vuldb.com
CWE-94Primarycna@vuldb.com
CWE ID: CWE-79
Type: Primary
Source: cna@vuldb.com
CWE ID: CWE-94
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250609-01/report.mdcna@vuldb.com
N/A
https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250609-01/report.md#steps-to-reproducecna@vuldb.com
N/A
https://vuldb.com/?ctiid.313621cna@vuldb.com
N/A
https://vuldb.com/?id.313621cna@vuldb.com
N/A
https://vuldb.com/?submit.592962cna@vuldb.com
N/A
Hyperlink: https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250609-01/report.md
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250609-01/report.md#steps-to-reproduce
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?ctiid.313621
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?id.313621
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?submit.592962
Source: cna@vuldb.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1471Records found
CVE-2024-12346
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.60%
||
7 Day CHG~0.00%
Published-08 Dec, 2024 | 23:31
Updated-09 Dec, 2024 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Talentera byt_cv_manager cross site scripting

A vulnerability has been found in Talentera up to 20241128 and classified as problematic. This vulnerability affects unknown code of the file /app/control/byt_cv_manager. The manipulation of the argument redirect_url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The provided PoC only works in Mozilla Firefox. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-n/atalentera
Product-Talenteratalentera
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-12359
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.53%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 05:00
Updated-10 Dec, 2024 | 23:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Admin Dashboard vendor_management.php cross site scripting

A vulnerability was found in code-projects Admin Dashboard 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /vendor_management.php. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting product names.

Action-Not Available
Vendor-Source Code & Projects
Product-admin_dashboardAdmin Dashboardadmin_dashboard
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-12232
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.48%
||
7 Day CHG~0.00%
Published-05 Dec, 2024 | 16:00
Updated-27 Feb, 2025 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple CRUD Functionality index.php cross site scripting

A vulnerability has been found in code-projects Simple CRUD Functionality 1.0 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument newtitle/newdescr leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-simple_crud_functionalitySimple CRUD Functionalitysimple_crud_functionality
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-7601
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 8.24%
||
7 Day CHG-0.00%
Published-14 Jul, 2025 | 11:44
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Library Management System student-history.php cross site scripting

A vulnerability has been found in PHPGurukul Online Library Management System 3.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/student-history.php. The manipulation of the argument stdid leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-Online Library Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-3434
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.81% / 73.93%
||
7 Day CHG~0.00%
Published-08 Oct, 2022 | 00:00
Updated-15 Apr, 2025 | 13:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Web-Based Student Clearance System add-student.php prepare cross site scripting

A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been rated as problematic. Affected by this issue is the function prepare of the file /Admin/add-student.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210356.

Action-Not Available
Vendor-web-based_student_clearance_system_projectSourceCodester
Product-web-based_student_clearance_systemWeb-Based Student Clearance System
CWE ID-CWE-707
Improper Neutralization
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12181
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.13%
||
7 Day CHG-0.04%
Published-04 Dec, 2024 | 22:00
Updated-10 Dec, 2024 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS SWF File uploads_add.php cross site scripting

A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the argument mediatype leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-12180
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 24.38%
||
7 Day CHG~0.00%
Published-04 Dec, 2024 | 22:00
Updated-10 Dec, 2024 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DedeCMS article_add.php cross site scripting

A vulnerability classified as problematic has been found in DedeCMS 5.7.116. Affected is an unknown function of the file /member/article_add.php. The manipulation of the argument body leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsDedeCMSdedecms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-1256
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.07% / 22.48%
||
7 Day CHG~0.00%
Published-06 Feb, 2024 | 19:31
Updated-01 Aug, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jspxcms filter_text.do cross site scripting

A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252995.

Action-Not Available
Vendor-ujcmsn/a
Product-jspxcmsJspxcms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-11820
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.42%
||
7 Day CHG~0.00%
Published-27 Nov, 2024 | 00:00
Updated-03 Dec, 2024 | 14:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Crud Operation System add.php cross site scripting

A vulnerability, which was classified as problematic, has been found in code-projects Crud Operation System 1.0. This issue affects some unknown processing of the file /add.php. The manipulation of the argument saddress leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-Source Code & Projects
Product-crud_operation_systemCrud Operation Systemcrud_operation_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-12348
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 46.70%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 00:00
Updated-04 Jun, 2025 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Guizhou Xiaoma Technology jpress Attachment Upload upload AttachmentUtils.isUnSafe cross site scripting

A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. It has been classified as problematic. Affected is the function AttachmentUtils.isUnSafe of the file /commons/attachment/upload of the component Attachment Upload Handler. The manipulation of the argument files[] leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-jpressGuizhou Xiaoma Technologyjpress
Product-jpressjpressjpress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-12665
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.15%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 19:31
Updated-19 Dec, 2024 | 14:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ruifang-tech Rebuild Task Comment Attachment Upload cross site scripting

A vulnerability, which was classified as problematic, was found in ruifang-tech Rebuild 3.8.5. Affected is an unknown function of the component Task Comment Attachment Upload. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-ruifang-techruifang-tech
Product-rebuildRebuild
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-12001
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.79%
||
7 Day CHG-0.02%
Published-30 Nov, 2024 | 12:31
Updated-10 Dec, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Wazifa System Setting updatesettings.php cross site scripting

A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. Affected is an unknown function of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-wazifa_systemWazifa Systemwazifa_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-1128
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-5.4||MEDIUM
EPSS-0.15% / 35.60%
||
7 Day CHG~0.00%
Published-20 Feb, 2024 | 18:56
Updated-15 Jan, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is due to insufficient sanitization of HTML input in the Q&A functionality. This makes it possible for authenticated attackers, with Student access and above, to inject arbitrary HTML onto a site, though it does not allow Cross-Site Scripting

Action-Not Available
Vendor-Themeum
Product-tutor_lmsTutor LMS – eLearning and online course solution
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-11491
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 30.76%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 17:00
Updated-05 Nov, 2025 | 22:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
115cms useradmin.html cross site scripting

A vulnerability was found in 115cms up to 20240807. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php/admin/web/useradmin.html. The manipulation of the argument ks leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-115cmsn/a
Product-115cms115cms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-11175
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 28.03%
||
7 Day CHG~0.00%
Published-13 Nov, 2024 | 15:31
Updated-15 Nov, 2024 | 22:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Public CMS Voting Management save cross site scripting

A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named b9530b9cc1f5cfdad4b637874f59029a6283a65c. It is recommended to apply a patch to fix this issue.

Action-Not Available
Vendor-publiccmsPublicpubliccms
Product-publiccmsCMSpubliccms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-11660
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.27%
||
7 Day CHG~0.00%
Published-25 Nov, 2024 | 07:00
Updated-04 Dec, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Farmacia usuario.php cross site scripting

A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file usuario.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-farmaciaFarmaciafarmacia
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-1099
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.22% / 44.92%
||
7 Day CHG+0.10%
Published-31 Jan, 2024 | 11:31
Updated-23 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rebuild read-raw getFileOfData cross site scripting

A vulnerability was found in Rebuild up to 3.5.5. It has been classified as problematic. Affected is the function getFileOfData of the file /filex/read-raw. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252456.

Action-Not Available
Vendor-ruifang-techn/a
Product-rebuildRebuild
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-11078
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.17% / 38.48%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 19:31
Updated-30 Sep, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Job Recruitment register.php cross site scripting

A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument e/role leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-job_recruitmentJob Recruitmentjob_recruitment
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-11676
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.54%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 00:31
Updated-04 Dec, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeAstro Hospital Management System Add Laboratory Equipment Page his_admin_add_lab_equipment.php cross site scripting

A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /backend/admin/his_admin_add_lab_equipment.php of the component Add Laboratory Equipment Page. The manipulation of the argument eqp_code/eqp_name/eqp_vendor/eqp_desc/eqp_dept/eqp_status/eqp_qty leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-hospital_management_system_projectCodeAstro
Product-hospital_management_systemHospital Management Systemhospital_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-11070
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.09%
||
7 Day CHG~0.00%
Published-11 Nov, 2024 | 14:31
Updated-23 Nov, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sanluan PublicCMS Tag Type save cross site scripting

A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-publiccmsSanluansanluan
Product-publiccmsPublicCMSpubliccms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-1103
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.22% / 44.92%
||
7 Day CHG+0.10%
Published-31 Jan, 2024 | 15:00
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeAstro Real Estate Management System Feedback Form profile.php cross site scripting

A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file profile.php of the component Feedback Form. The manipulation of the argument Your Feedback with the input <img src=x onerror=alert(document.cookie)> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252458 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-CodeAstro
Product-real_estate_management_systemReal Estate Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-11247
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 48.71%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 16:31
Updated-19 Nov, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Eyewear Shop Inventory Page Master.php cross site scripting

A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Inventory Page. The manipulation of the argument brand leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-online_eyewear_shopOnline Eyewear Shoponline_eyewear_shop
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-11678
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.69%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 01:31
Updated-04 Dec, 2024 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeAstro Hospital Management System his_doc_register_patient.php cross site scripting

A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-hospital_management_system_projectCodeAstro
Product-hospital_management_systemHospital Management Systemhospital_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-11489
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 48.90%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 16:31
Updated-22 Nov, 2024 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
115cms file.html cross site scripting

A vulnerability was found in 115cms up to 20240807. It has been classified as problematic. Affected is an unknown function of the file /index.php/admin/web/file.html. The manipulation of the argument ks leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-115cmsn/a115cms
Product-115cms115cms115cms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-11675
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.41%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 00:00
Updated-04 Dec, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeAstro Hospital Management System Add Patient Details Page his_admin_register_patient.php cross site scripting

A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/his_admin_register_patient.php of the component Add Patient Details Page. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CodeAstroPHPGurukul LLP
Product-hospital_management_systemHospital Management Systemhospital_management_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2024-10926
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.21% / 43.69%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 21:00
Updated-08 Nov, 2024 | 19:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBPhoenix ibWebAdmin Tabelas Section toggle_fold_panel.php cross site scripting

A vulnerability was found in IBPhoenix ibWebAdmin up to 1.0.2 and classified as problematic. This issue affects some unknown processing of the file /toggle_fold_panel.php of the component Tabelas Section. The manipulation of the argument p leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-IBPhoenixibphoenix
Product-ibWebAdminibwebadmin
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-10927
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 41.12%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 22:31
Updated-22 Nov, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MonoCMS Account Information Page account.php cross site scripting

A vulnerability was found in MonoCMS up to 20240528. It has been classified as problematic. Affected is an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the argument userid leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-monocmsn/amonocms
Product-monocmsMonoCMSmonocms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-10928
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 41.12%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 22:31
Updated-22 Nov, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MonoCMS Posts Page opensaved.php cross site scripting

A vulnerability was found in MonoCMS up to 20240528. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /monofiles/opensaved.php of the component Posts Page. The manipulation of the argument filtcategory/filtstatus leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-monocmsn/amonocms
Product-monocmsMonoCMSmonocms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-2266
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.09% / 25.47%
||
7 Day CHG~0.00%
Published-07 Mar, 2024 | 21:31
Updated-11 Mar, 2025 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
keerti1924 Secret-Coder-PHP-Project Login Page login.php cross site scripting

A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file /login.php of the component Login Page. The manipulation of the argument emailcookie/passwordcookie leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256036. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-keerti1924keerti1924keerti1924
Product-secret-coder-php-projectSecret-Coder-PHP-Projectsecret-coder-php-project
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-25084
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.29% / 51.61%
||
7 Day CHG~0.00%
Published-25 Dec, 2022 | 17:01
Updated-17 May, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hide Files on GitHub options.js addEventListener cross site scripting

A vulnerability, which was classified as problematic, has been found in Hide Files on GitHub up to 2.x. This issue affects the function addEventListener of the file extension/options.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 9de0c57df81db1178e0e79431d462f6d9842742e. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216767.

Action-Not Available
Vendor-hide_files_on_github_projectn/a
Product-hide_files_on_githubHide Files on GitHub
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1028
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.06% / 17.11%
||
7 Day CHG+0.01%
Published-30 Jan, 2024 | 04:31
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Facebook News Feed Like Post cross site scripting

A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Post Handler. The manipulation of the argument Description with the input <marquee>HACKED</marquee> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252301 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-facebook_news_feed_likeFacebook News Feed Like
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10701
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.52%
||
7 Day CHG~0.00%
Published-02 Nov, 2024 | 17:31
Updated-05 Nov, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Car Rental Portal search.php cross site scripting

A vulnerability was found in PHPGurukul Car Rental Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-car_rental_portalCar Rental Portalcar_rental_portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1024
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.06% / 19.98%
||
7 Day CHG~0.00%
Published-30 Jan, 2024 | 00:31
Updated-18 Oct, 2024 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Facebook News Feed Like New Account cross site scripting

A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. This vulnerability affects unknown code of the component New Account Handler. The manipulation of the argument First Name/Last Name with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252292.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-facebook_news_feed_likeFacebook News Feed Like
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10744
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.90%
||
7 Day CHG~0.00%
Published-03 Nov, 2024 | 22:31
Updated-05 Nov, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Shopping Portal complex_header_2.php cross site scripting

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/complex_header_2.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_shopping_portalOnline Shopping Portalonline_shopping_portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1029
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.08% / 24.68%
||
7 Day CHG+0.02%
Published-30 Jan, 2024 | 05:31
Updated-17 Jun, 2025 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cogites eReserv tenancyDetail.php cross site scripting

A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. Affected by this issue is some unknown functionality of the file /front/admin/tenancyDetail.php. The manipulation of the argument Nom with the input Dreux"><script>alert('XSS')</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252302 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-cogitesCogites
Product-ereserveReserv
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10192
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.79%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 07:00
Updated-22 Oct, 2024 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul IFSC Code Finder Project search.php cross site scripting

A vulnerability has been found in PHPGurukul IFSC Code Finder Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file search.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-ifsc_code_finderIFSC Code Finder Project
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10276
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.24%
||
7 Day CHG~0.00%
Published-23 Oct, 2024 | 11:00
Updated-01 May, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Telestream Sentry Reports Page page cross site scripting

A vulnerability has been found in Telestream Sentry 6.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /?page=reports of the component Reports Page. The manipulation of the argument z leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-telestreamTelestreamtelestream
Product-sentrySentrysentry
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10191
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.47%
||
7 Day CHG~0.00%
Published-20 Oct, 2024 | 05:31
Updated-22 Oct, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Boat Booking System Booking Details Page book-details.php cross site scripting

A vulnerability, which was classified as problematic, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/book-details.php of the component Booking Details Page. The manipulation of the argument Official Remark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-boat_booking_systemBoat Booking System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1031
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.09% / 25.47%
||
7 Day CHG~0.00%
Published-30 Jan, 2024 | 13:00
Updated-11 Jun, 2025 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeAstro Expense Management System Add Expenses Page 5-Add-Expenses.php cross site scripting

A vulnerability was found in CodeAstro Expense Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file templates/5-Add-Expenses.php of the component Add Expenses Page. The manipulation of the argument item leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252304.

Action-Not Available
Vendor-CodeAstrooretnom23
Product-expense_management_systemExpense Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1010
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.20% / 41.53%
||
7 Day CHG~0.00%
Published-29 Jan, 2024 | 16:31
Updated-29 May, 2025 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee Management System edit-profile.php cross site scripting

A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252279.

Action-Not Available
Vendor-SourceCodesterWalterjnr1
Product-employee_management_systemEmployee Management System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1030
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.12% / 30.56%
||
7 Day CHG+0.04%
Published-30 Jan, 2024 | 10:00
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cogites eReserv tenancyDetail.php cross site scripting

A vulnerability was found in Cogites eReserv 7.7.58. It has been classified as problematic. This affects an unknown part of the file /front/admin/tenancyDetail.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252303.

Action-Not Available
Vendor-cogitesCogites
Product-ereserveReserv
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1026
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.05% / 15.53%
||
7 Day CHG~0.00%
Published-30 Jan, 2024 | 01:00
Updated-09 Jun, 2025 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cogites eReserv config.php cross site scripting

A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. This issue affects some unknown processing of the file front/admin/config.php. The manipulation of the argument id with the input %22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-252293 was assigned to this vulnerability.

Action-Not Available
Vendor-cogitesCogites
Product-ereserveReserv
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10142
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 31.38%
||
7 Day CHG~0.00%
Published-19 Oct, 2024 | 17:00
Updated-22 Oct, 2024 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Blood Bank System viewrequest.php cross site scripting

A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /viewrequest.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-blood_bank_systemBlood Bank Systemblood_bank_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10754
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.53%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 02:31
Updated-05 Nov, 2024 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Shopping Portal dymanic_table.php cross site scripting

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dymanic_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_shopping_portalOnline Shopping Portalonline_shopping_portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10155
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.01%
||
7 Day CHG~0.00%
Published-19 Oct, 2024 | 20:31
Updated-22 Oct, 2024 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Boat Booking System Book a Boat Page book-boat.php cross site scripting

A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been classified as problematic. This affects an unknown part of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument phone_number leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-boat_booking_systemBoat Booking Systemboat_booking_system
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10753
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 32.79%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 02:00
Updated-06 Nov, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Shopping Portal dom_data_two_headers.php cross site scripting

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_two_headers.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_shopping_portalOnline Shopping Portalonline_shopping_portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10746
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.93%
||
7 Day CHG~0.00%
Published-03 Nov, 2024 | 23:31
Updated-05 Nov, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Shopping Portal dom_data.php cross site scripting

A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. This affects an unknown part of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data.php. The manipulation of the argument scripts leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_shopping_portalOnline Shopping Portalonline_shopping_portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-10745
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 41.90%
||
7 Day CHG~0.00%
Published-03 Nov, 2024 | 23:00
Updated-05 Nov, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Shopping Portal deferred_table.php cross site scripting

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/deferred_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_shopping_portalOnline Shopping Portalonline_shopping_portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-0189
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.07% / 21.36%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 18:00
Updated-09 May, 2025 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RRJ Nueva Ecija Engineer Online Portal Create Message teacher_message.php cross site scripting

A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file teacher_message.php of the component Create Message Handler. The manipulation of the argument Content with the input </title><scRipt>alert(x)</scRipt> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249502 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-niaRRJ
Product-rrj_nueva_ecija_engineer_online_portalNueva Ecija Engineer Online Portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-0773
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.17% / 38.04%
||
7 Day CHG~0.00%
Published-21 Jan, 2024 | 23:31
Updated-30 May, 2025 | 14:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CodeAstro Internet Banking System pages_client_signup.php cross site scripting

A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Affected by this vulnerability is an unknown functionality of the file pages_client_signup.php. The manipulation of the argument Client Full Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251677 was assigned to this vulnerability.

Action-Not Available
Vendor-martinmbithiCodeAstro
Product-internet_banking_systemInternet Banking System
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • ...
  • 17
  • 18
  • 19
  • ...
  • 29
  • 30
  • Next
Details not found