CVE-2025-24027 |
Description: ps_contactinfo, a PrestaShop module for displaying store contact information, has a cross-site scripting (XSS) vulnerability in versions up to and including 3.3.2. It cannot be exploited on a fresh PrestaShop install; only shops already made vulnerable by a third-party module are affected. For example, if the shop runs a third-party module with a SQL injection flaw, the database can be poisoned through that module, and ps_contactinfo would then render the stored cross-site scripting payload when formatting address objects. Commit d60f9a5634b4fc2d3a8831fb08fe2e1f23cbfa39 keeps formatted addresses from displaying an XSS payload stored in the database, and the fix is expected to be available in version 3.3.3. No workarounds are available aside from applying the fix and keeping all modules maintained and updated.
CVSS: MEDIUM (6.2) EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
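The failure mode in this entry is worth seeing in code: the module trusts its own database, so any other component that lets an attacker write to the address table turns the module into the XSS sink. The following is an added illustration, not the ps_contactinfo source or the content of the referenced commit. The row layout, field names and the two formatting functions are hypothetical; the point is that each field is escaped individually before the lines are joined.

```php
<?php
// Added example (not ps_contactinfo code): format a store address from
// database-backed fields without assuming the database is clean.
// The $row shape and field names are illustrative assumptions.

declare(strict_types=1);

/**
 * Pre-fix shape of the problem: build the multi-line string from raw DB
 * values and hand it to the template as trusted markup.
 */
function formatAddressUnsafe(array $row): string
{
    $parts = [
        trim(($row['firstname'] ?? '') . ' ' . ($row['lastname'] ?? '')),
        trim($row['address1'] ?? ''),
        trim($row['address2'] ?? ''),
        trim(($row['postcode'] ?? '') . ' ' . ($row['city'] ?? '')),
        trim($row['country'] ?? ''),
    ];
    return implode('<br>', array_filter($parts, fn($p) => $p !== ''));
}

/**
 * Hardened shape: HTML-escape every field on its own, then join. A payload
 * written into the table by some other module's SQL injection is rendered
 * as visible text, and the only markup in the result is the <br> we add.
 */
function formatAddressSafe(array $row): string
{
    $order = ['firstname', 'lastname', 'address1', 'address2', 'postcode', 'city', 'country'];
    $lines = [];
    foreach ($order as $field) {
        $value = trim((string) ($row[$field] ?? ''));
        if ($value === '') {
            continue;
        }
        $lines[] = htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
    return implode('<br>', $lines);
}

// Constructed sample row: what the address table might hold after an
// attacker used a vulnerable third-party module to write into it.
$poisoned = [
    'firstname' => 'Acme',
    'lastname'  => 'Store',
    'address1'  => '1 Main St<img src=x onerror=alert(document.cookie)>',
    'address2'  => '',
    'postcode'  => '75001',
    'city'      => 'Paris',
    'country'   => 'France',
];

echo formatAddressUnsafe($poisoned), PHP_EOL; // the <img> tag reaches every visitor's browser
echo formatAddressSafe($poisoned), PHP_EOL;   // the tag is emitted as &lt;img ...&gt;
```

When the formatted string is passed to a Smarty template, remember that `{$var nofilter}` switches off the output escaping PrestaShop enables by default; a string that was escaped field by field can safely be emitted with `nofilter` (it needs the `<br>` to survive), while a raw concatenation cannot. Checking for `nofilter` on any variable that originates in the database is a quick audit for the same bug in other modules.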
|
CVE-2025-23992 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leetoo Toocheke Companion allows Stored XSS. This issue affects Toocheke Companion: from n/a through 1.166.
CVSS: MEDIUM (5.9) EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
|
CVE-2025-23966 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlaFalaki a Gateway for Pasargad Bank on WooCommerce allows Reflected XSS. This issue affects a Gateway for Pasargad Bank on WooCommerce: from n/a through 2.5.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
|
CVE-2025-23959 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Linus Lundahl Good Old Gallery allows Reflected XSS. This issue affects Good Old Gallery: from n/a through 2.1.2.
CVSS: HIGH (7.1) EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
|
CVE-2025-23953 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in Innovative Solutions user files allows Upload a Web Shell to a Web Server. This issue affects user files: from n/a through 2.4.2.
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
|
CVE-2025-23949 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mihajlovic Nenad Improved Sale Badges – Free Version allows PHP Local File Inclusion. This issue affects Improved Sale Badges – Free Version: from n/a through 1.0.1.
CVSS: HIGH (8.1) EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
|
CVE-2025-23948 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WebArea Background animation blocks allows PHP Local File Inclusion. This issue affects Background animation blocks: from n/a through 2.1.5.
CVSS: HIGH (8.1) EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
|
CVE-2025-23944 |
Description: Deserialization of Untrusted Data vulnerability in WOOEXIM.COM WOOEXIM allows Object Injection. This issue affects WOOEXIM: from n/a through 5.0.0.
CVSS: HIGH (8.8) EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
|
CVE-2025-23942 |
Description: Unrestricted Upload of File with Dangerous Type vulnerability in NgocCode WP Load Gallery allows Upload a Web Shell to a Web Server. This issue affects WP Load Gallery: from n/a through 2.1.6.
CVSS: CRITICAL (9.1) EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
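The two "Upload a Web Shell" entries above (CVE-2025-23953 and CVE-2025-23942) share one root cause: an upload handler that lets the client decide what kind of file lands under the web root. The following is an added example of a layered upload check, not code from either plugin. The function name, size limit and image-only allowlist are assumptions for illustration.

```php
<?php
// Added example (not from either listed plugin): accept an image upload
// with layered checks. The 5 MiB limit and image-only allowlist are
// assumptions chosen for the illustration.

declare(strict_types=1);

/**
 * Validate one entry of $_FILES and move it to $destDir under a name the
 * server chooses. Throws on anything that is not a genuine image.
 */
function acceptImageUpload(array $file, string $destDir): string
{
    // Extension => the MIME type libmagic must report for it.
    $allowed = [
        'jpg'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/png',
        'gif'  => 'image/gif',
    ];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (($file['size'] ?? 0) > 5 * 1024 * 1024) {
        throw new RuntimeException('file too large');
    }

    // 1. Extension allowlist on the LAST extension, lower-cased, so
    //    "shell.php.jpg" is judged by "jpg" and "shell.phtml" is rejected.
    $ext = strtolower(pathinfo($file['name'] ?? '', PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // 2. Content sniffing via magic bytes, never the client's $file['type'].
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== $allowed[$ext]) {
        throw new RuntimeException("content type $mime does not match .$ext");
    }

    // 3. It must parse as an image, not just carry an image header.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a decodable image');
    }

    // 4. Server-chosen filename: no user-controlled byte reaches the path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($destDir, '/') . '/' . $name;

    // move_uploaded_file() refuses sources that were not PHP-managed uploads.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644);
    return $dest;
}

// Usage from a request handler (uncomment in a real endpoint):
// $stored = acceptImageUpload($_FILES['image'], '/var/www/uploads');
```

Step 3 still passes a valid JPEG with PHP code hidden in an EXIF comment, which is why none of these checks replaces the server-side rule that the upload directory must not execute scripts (for Apache, `php_admin_flag engine off` in that directory; for nginx, a `location` for the upload path with no `fastcgi_pass`). On Apache with `mod_mime`, a double extension such as `x.php.jpg` can also be handed to the PHP handler if `AddHandler` rather than a `<FilesMatch "\.php$">` block is in use, so the allowlist on the last extension is necessary but not sufficient on its own.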
|
CVE-2025-23938 |
Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Image Gallery Box by CRUDLab allows PHP Local File Inclusion. This issue affects Image Gallery Box by CRUDLab: from n/a through 1.0.3.
CVSS: HIGH (7.5) EPSS Score: 0.04%
January 23rd, 2025 (6 months ago)
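Three entries in this list (CVE-2025-23949, CVE-2025-23948 and CVE-2025-23938) are the same CWE-98 shape: a request parameter ends up in an `include`. Below is an added example of the vulnerable pattern beside a hardened resolver; it is not code from any of the three plugins, and the template names, directory and probe strings are constructed for the illustration.

```php
<?php
// Added example (not from any listed plugin): the CWE-98 include pattern
// and a hardened replacement. Template names and paths are assumptions.

declare(strict_types=1);

/** Vulnerable shape: request data names the file that gets included. */
function renderTemplateUnsafe(string $templateDir, string $name): void
{
    // "../../wp-config", "php://filter/...", or an uploaded file all work here.
    include $templateDir . '/' . $name . '.php';
}

/**
 * Hardened resolver: the parameter selects from a fixed set of names,
 * and the resolved path is then confirmed to sit inside $templateDir.
 * Returns the absolute path or throws.
 */
function resolveTemplate(string $templateDir, string $name): string
{
    static $allowed = ['badge-default', 'badge-round', 'badge-corner'];

    // Strict comparison: "badge-round\0" or "badge-round/../x" never match.
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException('unknown template');
    }

    $base = realpath($templateDir);
    $path = realpath($templateDir . '/' . $name . '.php');
    if ($base === false || $path === false) {
        throw new RuntimeException('template not found');
    }
    // Defence in depth: even with the allowlist, require the canonical path
    // to be below the canonical base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('template outside base directory');
    }
    return $path;
}

function renderTemplateSafe(string $templateDir, string $name): void
{
    include resolveTemplate($templateDir, $name);
}

// Constructed probes an attacker would send in the template parameter.
$probes = [
    'badge-round',
    '../../../../wp-config',
    'php://filter/convert.base64-encode/resource=../../../../wp-config',
    "badge-round\0",
];
foreach ($probes as $p) {
    try {
        echo json_encode($p), ' => ', resolveTemplate(__DIR__ . '/templates', $p), PHP_EOL;
    } catch (Throwable $e) {
        echo json_encode($p), ' => rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

The allowlist is the real control; the `realpath` prefix check only matters if someone later relaxes the allowlist to a pattern. If the set of templates is open-ended, keep the allowlist in a config array the admin controls rather than accepting anything `basename()` leaves behind, since `basename()` alone still admits `php://` wrappers when the prefix is user-controlled.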
|