6.1
CVE-2024-13822 - Total Contest Lite <= 2.8.1 - Reflected XSS
The Photo Contest | Competition | Video Contest WordPress plugin through 2.8.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
4.8
CVE-2024-13605 - Form Maker by 10Web < 1.15.33 - Admin+ Stored XSS
The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
5.4
CVE-2024-12308 - Logo Slider < 4.6.0 - Contributor+ Stored XSS
The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
5.1
CVE-2025-1629 - Excitel Broadband Private my Excitel App One-Time Password excessive authentication
A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handler. The manipulation leads to improper restriction of excessive authentication attempts. The vendorβ¦
5.3
CVE-2025-1618 - vTiger CRM index.php cross site scripting
A vulnerability has been found in vTiger CRM 6.4.0/6.5.0 and classified as problematic. This vulnerability affects unknown code of the file /modules/Mobile/index.php. The manipulation of the argument _operation leads to cross site scripting. The attack can be initiated remotely. The exploit has beeβ¦
4.8
CVE-2025-1617 - Netis WF2780 Wireless 2.4G Menu cross site scripting
A vulnerability, which was classified as problematic, was found in Netis WF2780 2.1.41925. This affects an unknown part of the component Wireless 2.4G Menu. The manipulation of the argument SSID leads to cross site scripting. It is possible to initiate the attack remotely. The vendor was contacted β¦
5.1
CVE-2025-1616 - FiberHome AN5506-01A ONU GPON Diagnosis os command injection
A vulnerability, which was classified as critical, has been found in FiberHome AN5506-01A ONU GPON RP2511. Affected by this issue is some unknown functionality of the component Diagnosis. The manipulation of the argument Destination Address leads to os command injection. The attack may be launched β¦
4.8
CVE-2025-1615 - FiberHome AN5506-01A ONU GPON NAT Submenu cross site scripting
A vulnerability classified as problematic was found in FiberHome AN5506-01A ONU GPON RP2511. Affected by this vulnerability is an unknown functionality of the component NAT Submenu. The manipulation of the argument Description leads to cross site scripting. The attack can be launched remotely. The β¦
4.8
CVE-2025-1614 - FiberHome AN5506-01A ONU GPON Port Forwarding Submenu portForwardingCfg cross site scripting
A vulnerability classified as problematic has been found in FiberHome AN5506-01A ONU GPON RP2511. Affected is an unknown function of the file /goform/portForwardingCfg of the component Port Forwarding Submenu. The manipulation of the argument pf_Description leads to cross site scripting. It is possβ¦
4.8
CVE-2025-1613 - FiberHome AN5506-01A ONU GPON URL Filtering Submenu URL_filterCfg cross site scripting
A vulnerability was found in FiberHome AN5506-01A ONU GPON RP2511. It has been rated as problematic. This issue affects some unknown processing of the file /goform/URL_filterCfg of the component URL Filtering Submenu. The manipulation of the argument url_IP leads to cross site scripting. The attackβ¦