CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-2714 – JoomlaUX JUX Real Estate addagent cross site scripting
https://notcve.org/view.php?id=CVE-2025-2714
24 Mar 2025 — A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /extensions/realestate/index.php/agents/agent-register/addagent. The manipulation of the argument plan_id leads to cross site scripting. The attack may be launched remotely. • https://vuldb.com/?ctiid.300734 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2712 – Yonyou UFIDA ERP-NC top.jsp cross site scripting
https://notcve.org/view.php?id=CVE-2025-2712
24 Mar 2025 — A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /help/top.jsp. The manipulation of the argument langcode leads to cross site scripting. The attack can be launched remotely. • https://github.com/Hebing123/cve/issues/86 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2711 – Yonyou UFIDA ERP-NC systop.jsp cross site scripting
https://notcve.org/view.php?id=CVE-2025-2711
24 Mar 2025 — A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been classified as problematic. Affected is an unknown function of the file /help/systop.jsp. The manipulation of the argument langcode leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/Hebing123/cve/issues/86 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2710 – Yonyou UFIDA ERP-NC menu.jsp cross site scripting
https://notcve.org/view.php?id=CVE-2025-2710
24 Mar 2025 — A vulnerability was found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This issue affects some unknown processing of the file /menu.jsp. The manipulation of the argument flag leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/85 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2709 – Yonyou UFIDA ERP-NC login.jsp cross site scripting
https://notcve.org/view.php?id=CVE-2025-2709
24 Mar 2025 — A vulnerability has been found in Yonyou UFIDA ERP-NC 5.0 and classified as problematic. This vulnerability affects unknown code of the file /login.jsp. The manipulation of the argument key/redirect leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/84 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: -EXPL: 0CVE-2025-30615 – WordPress WP e-Commerce Style Email plugin <= 0.6.2 - CSRF to Remote Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2025-30615
24 Mar 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Jacob Schwartz WP e-Commerce Style Email allows Code Injection. • https://patchstack.com/database/wordpress/plugin/wp-e-commerce-style-email/vulnerability/wordpress-wp-e-commerce-style-email-plugin-0-6-2-csrf-to-remote-code-execution-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 1CVE-2025-2700 – michelson Dante Editor Insert Link cross site scripting
https://notcve.org/view.php?id=CVE-2025-2700
24 Mar 2025 — A vulnerability classified as problematic has been found in michelson Dante Editor up to 0.4.4. This affects an unknown part of the component Insert Link Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://gist.github.com/Masamuneee/3be24bf5bf2b09dc61ead2af89363f86 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 1CVE-2025-2699 – GetmeUK ContentTools Image cross site scripting
https://notcve.org/view.php?id=CVE-2025-2699
24 Mar 2025 — A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. The attack may be launched remotely. • https://gist.github.com/Masamuneee/657f2e2b0eb5bf9b0d4dbb79f00dac37 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2673 – code-projects Payroll Management System home_employee.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-2673
23 Mar 2025 — A vulnerability classified as problematic has been found in code-projects Payroll Management System 1.0. Affected is an unknown function of the file /home_employee.php. The manipulation of the argument division leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-29806 – Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-29806
23 Mar 2025 — No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29806 • CWE-94: Improper Control of Generation of Code ('Code Injection') •