
CVE-2025-2124 – Control iD RH iD API change_password cross site scripting
https://notcve.org/view.php?id=CVE-2025-2124
09 Mar 2025 — A vulnerability, which was classified as problematic, was found in Control iD RH iD 25.2.25.0. This affects an unknown part of the file /v2/customerdb/person.svc/change_password of the component API Handler. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yago3008/cves • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2123 – GeSHi CSS cssgen.php get_var cross site scripting
https://notcve.org/view.php?id=CVE-2025-2123
09 Mar 2025 — A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function get_var of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument default-styles/keywords-1/keywords-2/keywords-3/keywords-4/comments leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/GeSHi/geshi-1.0/issues/159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-53693 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-53693
07 Mar 2025 — An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later; QuTS hero h5.2.3.3006 build 20250108 and later. • https://www.qnap.com/en/security-advisory/qsa-24-54 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-400: Uncontrolled Resource Consumption

CVE-2024-50405 – QTS, QuTS hero
https://notcve.org/view.php?id=CVE-2024-50405
07 Mar 2025 — An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later; QuTS hero h5.2.3.3006 build 20250108 and later. • https://www.qnap.com/en/security-advisory/qsa-24-54 • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-13890 – Allow PHP Execute <= 1.0 - Authenticated (Editor+) PHP Code Injection
https://notcve.org/view.php?id=CVE-2024-13890
07 Mar 2025 — The Allow PHP Execute plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0. • https://plugins.trac.wordpress.org/browser/allow-php-execute/trunk/allow-php-execute.php#L10 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-13895 – Code Snippets CPT <= 2.1.0 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
https://notcve.org/view.php?id=CVE-2024-13895
07 Mar 2025 — The Code Snippets CPT plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. • https://plugins.trac.wordpress.org/browser/code-snippets-cpt/trunk/lib/CodeSnippitButton.php#L201 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2087 – StarSea99 starsea-mall update cross site scripting
https://notcve.org/view.php?id=CVE-2025-2087
07 Mar 2025 — A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/goods/update. The manipulation of the argument goodsName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ExecX/security/blob/main/333.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2086 – StarSea99 starsea-mall update cross site scripting
https://notcve.org/view.php?id=CVE-2025-2086
07 Mar 2025 — A vulnerability classified as problematic was found in StarSea99 starsea-mall 1.0. This vulnerability affects unknown code of the file /admin/indexConfigs/update. The manipulation of the argument redirectUrl leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ExecX/security/blob/main/222.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2085 – StarSea99 starsea-mall save cross site scripting
https://notcve.org/view.php?id=CVE-2025-2085
07 Mar 2025 — A vulnerability classified as problematic has been found in StarSea99 starsea-mall 1.0. This affects an unknown part of the file /admin/carousels/save. The manipulation of the argument redirectUrl leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ExecX/security/blob/main/111.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-2084 – PHPGurukul Human Metapneumovirus Testing Management System Search Report Page search-report.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-2084
07 Mar 2025 — A vulnerability was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /search-report.php of the component Search Report Page. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/sorcha-l/cve/blob/main/Human%20Metapneumovirus%20(HMPV)%20%E2%80%93%20Testing%20Management%20System%20%20XSS%20in%20search-report.php.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection')