
CVE-2025-2981 – Legrand SMS PowerView cross site scripting
https://notcve.org/view.php?id=CVE-2025-2981
31 Mar 2025 — A vulnerability, which was classified as problematic, has been found in Legrand SMS PowerView 1.x. This issue affects some unknown processing. The manipulation of the argument redirect leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.302033 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2979 – WCMS Registration setregister cross site scripting
https://notcve.org/view.php?id=CVE-2025-2979
31 Mar 2025 — A vulnerability classified as problematic has been found in WCMS 11. This affects an unknown part of the file /index.php?anonymous/setregister of the component Registration. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. • https://github.com/caigo8/CVE-md/blob/main/wcms11/%E5%AD%98%E5%82%A8%E5%9E%8BXSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2977 – GFI KerioConnect PDF File cross site scripting
https://notcve.org/view.php?id=CVE-2025-2977
31 Mar 2025 — A vulnerability was found in GFI KerioConnect 10.0.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. • https://github.com/0xs1ash/poc/blob/main/portable_data_exfiltration.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2976 – GFI KerioConnect File Upload cross site scripting
https://notcve.org/view.php?id=CVE-2025-2976
31 Mar 2025 — A vulnerability was found in GFI KerioConnect 10.0.6. It has been classified as problematic. Affected is an unknown function of the component File Upload. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/0xs1ash/poc/blob/main/xss.md#2-when-a-file-with-a-malicious-javascript-code-in-its-name-is-uploaded-to-the-system-it-is-displayed-again-on-the-page-within-the-input-field-without-being-sanitized-this-creates-the-potential-for-an-xss-att • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2975 – GFI KerioConnect Signature EditHtmlSource cross site scripting
https://notcve.org/view.php?id=CVE-2025-2975
31 Mar 2025 — A vulnerability was found in GFI KerioConnect 10.0.6 and classified as problematic. This issue affects some unknown processing of the file Settings/Email/Signature/EditHtmlSource of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/0xs1ash/poc/blob/main/xss.md#1-stored-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2974 – CodeCanyon Perfex CRM Contracts contract cross site scripting
https://notcve.org/view.php?id=CVE-2025-2974
31 Mar 2025 — A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. This vulnerability affects unknown code of the file /contract of the component Contracts. The manipulation of the argument content leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://bytium.com/stored-xss-in-perfex-crm-3-2-1-contracts-module • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2972 – ConcreteCMS Page Attribute Display Block cross site scripting
https://notcve.org/view.php?id=CVE-2025-2972
31 Mar 2025 — A vulnerability, which was classified as problematic, has been found in ConcreteCMS up to 9.3.9. Affected by this issue is some unknown functionality of the component Page Attribute Display Block Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc10.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2971 – ConcreteCMS List Block cross site scripting
https://notcve.org/view.php?id=CVE-2025-2971
31 Mar 2025 — A vulnerability classified as problematic was found in ConcreteCMS up to 9.3.9. Affected by this vulnerability is an unknown functionality of the component List Block Handler. The manipulation of the argument Name/Description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc9.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2970 – ConcreteCMS Switch Language Block cross site scripting
https://notcve.org/view.php?id=CVE-2025-2970
31 Mar 2025 — A vulnerability classified as problematic has been found in ConcreteCMS up to 9.3.9. Affected is an unknown function of the component Switch Language Block Handler. The manipulation of the argument Label leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc8.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2969 – ConcreteCMS Feature Link Block save cross site scripting
https://notcve.org/view.php?id=CVE-2025-2969
31 Mar 2025 — A vulnerability was found in ConcreteCMS up to 9.3.9. It has been rated as problematic. This issue affects the function Save of the component Feature Link Block Handler. The manipulation of the argument Title/Body Source/Button Text leads to cross site scripting. The attack may be initiated remotely. • https://github.com/yaowenxiao721/Poc/blob/main/Concretecms/Concretecms-poc7.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')