2025-10-04 Daily Vulns
NEW:
CVE | vendor-product | description | metric | Reference URL | Exploitation / Automatable / Technical Impact | title | GitHub URL |
---|---|---|---|---|---|---|---|
CVE-2021-42193 | n/a - n/a | nopCommerce 4.40.3 is vulnerable to XSS in the Product Name at /Admin/Product/Edit/[id]. Each time a user views the product in the shop, the XSS payload fires. | CNA n/a CVSS3.1: 6.1 - MEDIUM | 0 1 2 | Exploitation: none; Automatable: no; Technical Impact: partial | n/a | github |
CVE-2025-10192 | muhammad-rehman - WP Photo Effects | The WP Photo Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wppe_effect’ shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | CVSS3.1: 6.4 - MEDIUM | 0 1 2 | Exploitation: none; Automatable: no; Technical Impact: partial | WP Photo Effects <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | github |
CVE-2021-43798 | grafana - grafana | Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) is vulnerable to directory traversal, allowing access to local files. The vulnerable URL path is: `/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline. | CVSS3.1: 7.5 - HIGH | 0 1 2 3 4 5 6 7 | Exploitation: poc; Automatable: yes; Technical Impact: partial | Grafana path traversal | github |
This post is licensed under CC BY 4.0 by the author.