Security Vulnerabilities - CVEs Published In March 2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in softdiscover Zigaform – Price Calculator & Cost Estimation Form Builder Lite allows Stored XSS. This issue affects Zigaform – Price Calculator & Cost Estimation Form Builder Lite: from n/a through 7.4.2.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-03-03
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes WP Templata allows Reflected XSS. This issue affects WP Templata: from n/a through 1.0.7.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-03-03
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in enituretechnology Small Package Quotes – Unishippers Edition allows Reflected XSS. This issue affects Small Package Quotes – Unishippers Edition: from n/a through 2.4.9.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-03-03
Deserialization of Untrusted Data vulnerability in Stiofan Events Calendar for GeoDirectory allows Object Injection. This issue affects Events Calendar for GeoDirectory: from n/a through 2.3.14.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-03-03
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Swift Calendar Online Appointment Scheduling allows Reflected XSS. This issue affects Swift Calendar Online Appointment Scheduling: from n/a through 1.3.3.
CVSS Score
7.1
EPSS Score
0.001
Published
2025-03-03
Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api prior to 5.8.1
CVSS Score
9.8
EPSS Score
0.002
Published
2025-03-03
IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-03-03
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "pagedescription" parameter in admin/aboutus.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-03-03
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "category" and "subcategory" parameters in admin/add-subcategory.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-03-03
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "sadminusername" parameter in admin/add-subadmins.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-03-03