CVSS: 5.3 | EPSS: 0% | CPEs: - | EXPL: 1

07 Apr 2025 — A vulnerability classified as problematic was found in hailey888 oa_system up to 2025.01.01. This vulnerability affects the function loginCheck of the file cn/gson/oasys/controller/login/LoginsController.java of the component Frontend. The manipulation of the argument Username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/hailey888/oa_system/issues/IBRQYI • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.1 | EPSS: 0% | CPEs: 5 | EXPL: 1

07 Apr 2025 — A vulnerability classified as problematic has been found in renrenio renren-security up to 5.4.0. This affects an unknown part of the component JSON Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/renrenio/renren-security/issues/IBOU02 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

07 Apr 2025 — A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin#links of the component Friendship Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. • https://gitee.com/LinZhaoguan/pb-cms/issues/IBN3MW • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 4.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

07 Apr 2025 — A vulnerability was found in LinZhaoguan pb-cms 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Classification Management Page. The manipulation of the argument Classification name leads to cross site scripting. The attack can be launched remotely. • https://gitee.com/LinZhaoguan/pb-cms/issues/IBN3S0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Apr 2025 — The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the deserialization vulnerability. After analyzing the configuration files, we observed that the server had set the TypeFilterLevel to Full which is dangerous as it can potentially lead to remote code execution using deserialization. This issue affects IntelliSpace Portal: 12 and prior. • https://www.cve.org/CVERecord?id=CVE-2025-3425 • CWE-502: Deserialization of Untrusted Data

CVSS: 10.0 | EPSS: 68% | CPEs: 1 | EXPL: 1

07 Apr 2025 — Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. ... • https://github.com/langflow-ai/langflow/pull/6911 • CWE-306: Missing Authentication for Critical Function

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

07 Apr 2025 — in OpenHarmony v5.0.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through integer overflow. • https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2025/2025-04.md • CWE-190: Integer Overflow or Wraparound

CVSS: 5.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

07 Apr 2025 — A vulnerability was found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This issue affects some unknown processing of the file /common/upload/batch of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/uglory-gll/javasec/blob/main/iboot.md#22commonuploadbatch-arbitrary-file-upload • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

06 Apr 2025 — A vulnerability has been found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This vulnerability affects unknown code of the file /common/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/uglory-gll/javasec/blob/main/iboot.md#2file-upload • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

05 Apr 2025 — A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_product. The manipulation of the argument brand leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/foreverfeifei/cve/blob/main/xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')