
CVE-2025-3297 – SourceCodester Online Eyewear Shop Master.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-3297
05 Apr 2025 — A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_product. The manipulation of the argument brand leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/foreverfeifei/cve/blob/main/xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-32200 – WordPress Advanced WordPress Backgrounds Plugin <= 1.12.4 - Content Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-32200
04 Apr 2025 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Nikita Advanced WordPress Backgrounds allows Code Injection. • https://patchstack.com/database/wordpress/plugin/advanced-backgrounds/vulnerability/wordpress-advanced-wordpress-backgrounds-plugin-1-12-4-content-injection-vulnerability?_s_id=cve • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVE-2025-3253 – xujiangfei admintwo insertTree cross site scripting
https://notcve.org/view.php?id=CVE-2025-3253
04 Apr 2025 — A vulnerability was found in xujiangfei admintwo 1.0 and classified as problematic. This issue affects some unknown processing of the file /ztree/insertTree. The manipulation of the argument Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/caigo8/CVE-md/blob/main/admintwo/XSS3.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3252 – xujiangfei admintwo add cross site scripting
https://notcve.org/view.php?id=CVE-2025-3252
04 Apr 2025 — A vulnerability has been found in xujiangfei admintwo 1.0 and classified as problematic. This vulnerability affects unknown code of the file /resource/add. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/caigo8/CVE-md/blob/main/admintwo/XSS2.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3251 – xujiangfei admintwo updateSet cross site scripting
https://notcve.org/view.php?id=CVE-2025-3251
04 Apr 2025 — A vulnerability, which was classified as problematic, was found in xujiangfei admintwo 1.0. This affects an unknown part of the file /user/updateSet. The manipulation of the argument motto leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/caigo8/CVE-md/blob/main/admintwo/XSS1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3219 – CodeCanyon Perfex CRM Project Discussions Module 2 cross site scripting
https://notcve.org/view.php?id=CVE-2025-3219
04 Apr 2025 — A vulnerability was found in CodeCanyon Perfex CRM 3.2.1. It has been classified as problematic. Affected is an unknown function of the file /perfex/clients/project/2 of the component Project Discussions Module. The manipulation of the argument description leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/bytium/vulnerability-research/blob/main/stored-xss-perfex-crm-3.2.1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2024-13645 – TagDiv Composer <= 5.3 - Unauthenticated Arbitrary PHP Object Instantiation
https://notcve.org/view.php?id=CVE-2024-13645
03 Apr 2025 — The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via the module parameter. This makes it possible for unauthenticated attackers to instantiate a PHP object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may a... • https://tagdiv.com/tagdiv-composer-page-builder-basics • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3164 – Tencent Music Entertainment SuperSonic H2 Database Connection testConnect code injection
https://notcve.org/view.php?id=CVE-2025-3164
03 Apr 2025 — The manipulation leads to code injection. ... By manipulating with unknown data, a code injection vulnerability can be exploited. • https://vuldb.com/?id.303110 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3163 – InternLM LMDeploy conf.py open code injection
https://notcve.org/view.php?id=CVE-2025-3163
03 Apr 2025 — The manipulation leads to code injection. ... Through manipulation with unknown data, a code injection vulnerability can be exploited. • https://vuldb.com/?id.303109 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-3157 – Intelbras WRN 150 Wireless Menu cross site scripting
https://notcve.org/view.php?id=CVE-2025-3157
03 Apr 2025 — A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01. It has been rated as problematic. This issue affects some unknown processing of the component Wireless Menu. The manipulation of the argument SSID leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?id.303101 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •