4.6
CVE-2025-23198 - Stored-XSS-LibreNMS-Display-Name in librenms
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display. Librenms versions up to 24.10.1 allow remote attackers to injecβ¦
4.6
CVE-2025-23199 - Stored XSS-LibreNMS-Ports in librenms
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `/ajax_form.php` -> param: descr. Librenms version up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page disβ¦
4.6
CVE-2025-23200 - Stored XSS-LibreNMS-Misc Section in librenms
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `ajax_form.php` -> param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page disβ¦
5.4
CVE-2025-23201 - Reflected Cross-site Scripting on error alert in librenms
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters:`/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts withβ¦
0.0
CVE-2025-0524 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.5
CVE-2025-23907 - WordPress SOCIAL.NINJA plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in closed SOCIAL.NINJA seo-meta allows Stored XSS.This issue affects SOCIAL.NINJA: from n/a through <= 0.2.
5.3
CVE-2025-23764 - WordPress Copy Move Posts plugin <= 1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in ujjavaljani Copy Move Posts copy-move-posts.This issue affects Copy Move Posts: from n/a through <= 1.6.
6.5
CVE-2025-23816 - WordPress Metaphor Widgets plugin <= 2.4 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Metaphor Widgets mtphr-widgets allows Stored XSS.This issue affects Metaphor Widgets: from n/a through <= 2.4.
7.1
CVE-2025-23815 - WordPress root Cookie plugin <= 1.6 - CSRF to Stored XSS vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in linickx root Cookie root-cookie allows Cross Site Request Forgery.This issue affects root Cookie: from n/a through <= 1.6.
7.1
CVE-2025-23793 - WordPress Auto FTP plugin <= 1.0.1 - CSRF to Stored Cross-Site Scripting vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Turcu Auto FTP auto-ftp allows Stored XSS.This issue affects Auto FTP: from n/a through <= 1.0.1.