Skip to main content
CVE-2025-59749 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' parameter in '/clt/TRACK_REQUEST.ASP'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59748 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' and 'reset' parameters in '/clt/changepassword.asp'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59747 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l' parameter in '/clt/resetPassword.asp'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-59746 MEDIUM This Month

Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'm' parameter in '/lib/asp/alert.asp'.

XSS E Tms
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-40646 MEDIUM This Month

Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/create_job_submit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.

XSS PHP Energy Crm
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-40991 MEDIUM This Month

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_file/upload/xxxx", affecting to "description" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.

XSS PHP Ekushey Project Manager Crm
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-40990 MEDIUM This Month

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_bug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.

XSS PHP Ekushey Project Manager Crm
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-40989 MEDIUM This Month

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_message/add/xxx", affecting to "message" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.

XSS PHP Ekushey Project Manager Crm
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-40992 MEDIUM This Month

Stored XSS vulnerability in Creativeitem Sociopro due to lack of proper validation of user inputs via the endpoint '/sociopro/profile/update_profile', affecting to 'name' parameter via POST. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal his/her cookie session details.

XSS
NVD
CVSS 4.0
5.1
EPSS
0.2%
CVE-2025-41010 MEDIUM This Month

A remote code execution vulnerability (CVSS 5.1) that allows browsers. Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-57443 MEDIUM This Month

FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment-variables, disable-library-validation) that allow unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARIES environment variable. This allows escalated privileges to arbitrary TCC-approved directories.

Privilege Escalation macOS
NVD GitHub
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-54468 MEDIUM PATCH This Month

A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers may contain identifiable and/or sensitive information e.g. email addresses.

Information Disclosure Suse
NVD GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-11239 MEDIUM PATCH This Month

Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user's team. Starting with KNIME Business Hub 1.16.0 only metadata of jobs is shown to team members. Only the creator of a job can see all information including in- and output data (if present).

Authentication Bypass Business Hub
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy