CVSS: 8.6EPSS: %CPEs: 1EXPL: 0CVE-2025-4010 – Arbitrary Command Injection in Netcom NTC-6200 & NWL-222
https://notcve.org/view.php?id=CVE-2025-4010
02 Jun 2025 — Remote authenticated attackers can gain arbitrary code execution with elevated privileges. • https://www.onekey.com/resource/security-advisory-remote-command-execution-on-netcomm-ntc-6200-and-nwl-222 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.1EPSS: %CPEs: 3EXPL: 1CVE-2025-5420 – juzaweb CMS Profile Page upload cross site scripting
https://notcve.org/view.php?id=CVE-2025-5420
02 Jun 2025 — A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component Profile Page. The manipulation of the argument Upload leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Cyber-Wo0dy/report/blob/main/juzawebcms/3.4.2/juzawebcms_avatar_xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: %CPEs: 2EXPL: 1CVE-2025-5412 – Mist Community Edition Authentication Endpoint views.py login cross site scripting
https://notcve.org/view.php?id=CVE-2025-5412
01 Jun 2025 — A vulnerability classified as problematic has been found in Mist Community Edition up to 4.7.1. Affected is the function Login of the file src/mist/api/views.py of the component Authentication Endpoint. The manipulation of the argument return_to leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Stolichnayer/mist-ce-open-redirect • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: %CPEs: 2EXPL: 1CVE-2025-5411 – Mist Community Edition views.py tag_resources cross site scripting
https://notcve.org/view.php?id=CVE-2025-5411
01 Jun 2025 — A vulnerability was found in Mist Community Edition up to 4.7.1. It has been rated as problematic. This issue affects the function tag_resources of the file src/mist/api/tag/views.py. The manipulation of the argument tag leads to cross site scripting. The attack may be initiated remotely. • https://github.com/Stolichnayer/mist-ce-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: %CPEs: -EXPL: 1CVE-2025-5407 – chaitak-gorai Blogbook register_script.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-5407
01 Jun 2025 — A vulnerability has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register_script.php. The manipulation of the argument fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/rllvusgnzm98/Report/blob/main/blogbook/BlogBook%20Stored%20XSS%20in%20User%20Registration%20via%20fullname%20Parameter%20Leading%20to%20Admin%20Account%20Takeover.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: %CPEs: -EXPL: 1CVE-2025-5405 – chaitak-gorai Blogbook post.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-5405
01 Jun 2025 — A vulnerability, which was classified as problematic, has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This issue affects some unknown processing of the file /post.php. The manipulation of the argument comment_author/comment_email/comment_content leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/rllvusgnzm98/Report/blob/main/blogbook/BlogBook%20post.php%20Stored%20Cross-Site%20Scripting%20(XSS)%20in%20Comment%20Functionality%20Leading%20to%20Admin%20and%20User%20Account%20Takeover.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 1CVE-2025-5383 – Yifang CMS Article Management Module cross site scripting
https://notcve.org/view.php?id=CVE-2025-5383
31 May 2025 — A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Article Management Module. The manipulation of the argument Default Value leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://gitee.com/wanglongcn/yifang/issues/IC41YQ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5378 – Astun Technology iShare Maps mycouncil2.aspx cross site scripting
https://notcve.org/view.php?id=CVE-2025-5378
31 May 2025 — A vulnerability classified as problematic has been found in Astun Technology iShare Maps 5.4.0. This affects an unknown part of the file mycouncil2.aspx. The manipulation of the argument atTxtStreet leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.310671 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5377 – Astun Technology iShare Maps historic1.asp cross site scripting
https://notcve.org/view.php?id=CVE-2025-5377
31 May 2025 — A vulnerability was found in Astun Technology iShare Maps 5.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file historic1.asp. The manipulation of the argument Zoom leads to cross site scripting. The attack may be launched remotely. • https://vuldb.com/?ctiid.310670 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48390 – FreeScout Vulnerable to Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2025-48390
29 May 2025 — Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in the php_path parameter. • https://github.com/freescout-help-desk/freescout/commit/fb33d672a2d67f5a2b3cf69c80945267f17908b2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •