5.1
CVE-2024-10088 - XSS in iKSORIS
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a login form with a malicious script, what causes the script to run in user's context.ย This vulnerability has been patched in versionย โฆ
5.3
CVE-2024-10087 - XSS in iKSORIS
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might craft a link containing a malicious script, which then gets directly embedded in references to other resources, what causes the script to run in user's context mโฆ
5.1
CVE-2025-3565 - huanfenz/code-projects StudentManager Announcement Management Section uploadArticle.do unrestrictedโฆ
A vulnerability classified as critical was found in huanfenz/code-projects StudentManager 1.0. This vulnerability affects unknown code of the file /upload/uploadArticle.do of the component Announcement Management Section. The manipulation of the argument File leads to unrestricted upload. The attacโฆ
5.3
CVE-2025-3564 - huanfenz/code-projects StudentManager Teacher String improper authorization
A vulnerability classified as problematic has been found in huanfenz/code-projects StudentManager up to 1.0. This affects an unknown part of the component Teacher String Handler. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been dโฆ
7.1
CVE-2025-27009 - WordPress My auctions allegro plugin <= 3.6.33 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in wphocus My auctions allegro my-auctions-allegro-free-edition allows Stored XSS.This issue affects My auctions allegro: from n/a through <= 3.6.33.
5.1
CVE-2025-3563 - WuzhiCMS Setting index.php set code injection
A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument Setting leads to code injection. The attackโฆ
5.3
CVE-2025-3562 - Yonyou YonBIP userfile FileInputStream path traversal
A vulnerability was found in Yonyou YonBIP MA2.7. It has been declared as problematic. Affected by this vulnerability is the function FileInputStream of the file /mobsm/common/userfile. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit hโฆ
5.3
CVE-2025-3561 - ghostxbh uzy-ssm-mall cross-site request forgery
A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The venโฆ
5.1
CVE-2025-3560 - ghostxbh uzy-ssm-mall product cross site scripting
A vulnerability was found in ghostxbh uzy-ssm-mall 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /product. The manipulation of the argument product_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed โฆ
5.3
CVE-2025-3559 - ghostxbh uzy-ssm-mall 20 ForeProductListController sql injection
A vulnerability has been found in ghostxbh uzy-ssm-mall 1.0.0 and classified as critical. This vulnerability affects the function ForeProductListController of the file /mall/product/0/20. The manipulation of the argument orderBy leads to sql injection. The attack can be initiated remotely. The explโฆ