
CVSS: 5.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

31 Mar 2025 — A vulnerability has been found in CodeCanyon Perfex CRM up to 3.2.1 and classified as problematic. This vulnerability affects unknown code of the file /contract of the component Contracts. The manipulation of the argument content leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://bytium.com/stored-xss-in-perfex-crm-3-2-1-contracts-module • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

27 Nov 2024 — The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a user's identity when verifying an email address through the user_account_activation function. This makes it possible for unauthenticated attackers to log in as any user, including site administrators, if the user's email is known. • https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 9.9 • EPSS: 2% • CPEs: 1 • EXPL: 0

05 Nov 2024 — The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_wp_handle_upload() function in all versions up to, and including, 2.6.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 3% • CPEs: 1 • EXPL: 0

05 Nov 2024 — The JobSearch WP Job Board plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jobsearch_location_load_excel_file_callback() function in all versions up to, and including, 2.6.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 5.4 • EPSS: 0% • CPEs: 3 • EXPL: 1

20 Sep 2024 — A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up to 7.2. This issue affects some unknown processing of the file /project/task/{task_id}/show. The manipulation of the argument comment leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.278201 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Sep 2024 — A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. This vulnerability affects unknown code of the file /deal/{note_id}/note. The manipulation of the argument notes leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.278200 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 3

17 Sep 2024 — A vulnerability has been found in CodeCanyon RISE Ultimate Project Manager 3.7.0 and classified as critical. This vulnerability affects unknown code of the file /index.php/dashboard/save. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://packetstorm.news/files/id/190145 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.1 • EPSS: 4% • CPEs: 1 • EXPL: 3

17 Nov 2014 — Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php. • https://www.exploit-db.com/exploits/35198 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')