
CVE-2025-5177 – Realce Tecnologia Queue Ticket Kiosk Admin Login Page index.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-5177
26 May 2025 — A vulnerability was found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. It has been rated as problematic. This issue affects some unknown processing of the file /adm/index.php of the component Admin Login Page. The manipulation of the argument Usuário leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?ctiid.310265 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-5153 – CMS Made Simple Design Manager Module cross site scripting
https://notcve.org/view.php?id=CVE-2025-5153
25 May 2025 — A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/feixuezhi/CMSMadeSimple2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-5151 – defog-ai introspect analysis_tools.py execute_analysis_code_safely code injection
https://notcve.org/view.php?id=CVE-2025-5151
25 May 2025 — The manipulation of the argument code leads to code injection. ... By manipulating the argument code with unknown data, a code injection vulnerability can be exploited. • https://github.com/defog-ai/introspect/issues/495 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-5150 – docarray Web API torch_dataset.py __getitem__ prototype pollution
https://notcve.org/view.php?id=CVE-2025-5150
25 May 2025 — A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack may be launched remotely. • https://gist.github.com/superboy-zjc/56502343bcb12eb653081b426debf2c8 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVE-2025-5138 – Bitwarden PDF File cross site scripting
https://notcve.org/view.php?id=CVE-2025-5138
25 May 2025 — A vulnerability was found in Bitwarden up to 2.25.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. • https://github.com/YZS17/CVE/blob/main/PDF%20XSS%20vulnerability%20in%20file%20upload%20function%20of%20%20Bitwarden.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-5137 – DedeCMS Incomplete Fix CVE-2018-9175 sys_verifies.php code injection
https://notcve.org/view.php?id=CVE-2025-5137
25 May 2025 — The manipulation of the argument refiles leads to code injection. ... By manipulating the argument refiles with unknown data, a code injection vulnerability can be exploited. • https://github.com/CyberPunk-Infernity/Advisory/issues/2 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-5135 – Tmall Demo Product Details Page admin cross site scripting
https://notcve.org/view.php?id=CVE-2025-5135
24 May 2025 — A vulnerability, which was classified as problematic, has been found in Tmall Demo up to 20250505. Affected by this issue is some unknown functionality of the file /tmall/admin/ of the component Product Details Page. The manipulation of the argument Product Name/Product Title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/bdkuzma/vuln/issues/14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-5134 – Tmall Demo Buy Item Page cross site scripting
https://notcve.org/view.php?id=CVE-2025-5134
24 May 2025 — A vulnerability classified as problematic was found in Tmall Demo up to 20250505. Affected by this vulnerability is an unknown functionality of the component Buy Item Page. The manipulation of the argument Detailed Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/bdkuzma/vuln/issues/13 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-5133 – Tmall Demo Search Box cross site scripting
https://notcve.org/view.php?id=CVE-2025-5133
24 May 2025 — A vulnerability classified as problematic has been found in Tmall Demo up to 20250505. Affected is an unknown function of the component Search Box. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/bdkuzma/vuln/issues/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2025-5127 – FLIR AX8 prod.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-5127
24 May 2025 — A vulnerability, which was classified as problematic, has been found in FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. The manipulation of the argument cmd leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/YZS17/CVE/blob/main/XSS%20vulnerability%20in%20FLIR%20AX8.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •