CVE-2025-65215 is a Cross Site Scripting (XSS) vulnerability found in the Sourcecodester Web-based Pharmacy Product Management System v1. 0, specifically in the Supplier Name field of the /product_expiry/add-supplier. php page. This vulnerability allows an attacker to inject malicious scripts that can execute in the context of the victim's browser. Although no known exploits are currently reported in the wild, exploitation could lead to session hijacking, defacement, or redirection to malicious sites. The vulnerability does not require authentication or complex user interaction beyond submitting crafted input. European organizations using this specific pharmacy management system are at risk, especially those in healthcare sectors. Mitigation involves input validation, output encoding, and applying patches once available. Countries with significant healthcare IT adoption and reliance on Sourcecodester products, such as Germany, France, and the UK, are more likely to be affected. Given the potential impact on confidentiality and integrity with ease of exploitation, the suggested severity is high.

CVE-2025-65215 identifies a Cross Site Scripting (XSS) vulnerability in the Sourcecodester Web-based Pharmacy Product Management System version 1.0. The vulnerability exists in the Supplier Name input field on the /product_expiry/add-supplier.php page, where user-supplied input is not properly sanitized or encoded before being rendered in the web application. This flaw allows an attacker to inject malicious JavaScript code that executes in the context of other users' browsers when they view the affected page or data. Such XSS attacks can be leveraged to steal session cookies, perform actions on behalf of authenticated users, or redirect users to malicious websites. The vulnerability is classified as reflected or stored XSS depending on how the input is processed, but the exact subtype is not specified. There are no patches or fixes currently available, and no known exploits have been reported in the wild. The vulnerability does not require authentication or complex user interaction beyond submitting crafted input to the vulnerable field. The lack of a CVSS score means severity must be assessed based on impact and exploitability factors. Given the nature of XSS and the criticality of pharmacy management systems handling sensitive data, this vulnerability poses a significant risk if exploited.

CVE Database V5

Detailed information about CVE-2025-65215: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-65215: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-65215: n/a

CVE-2025-65881 is a Cross Site Scripting (XSS) vulnerability found in Sourcecodester Zoo Management System v1. 0, specifically in the /classes/Login. php component. This vulnerability allows attackers to inject malicious scripts that execute in the context of authenticated users or visitors, potentially leading to session hijacking, credential theft, or unauthorized actions. No known exploits are currently reported in the wild, and no CVSS score has been assigned. The vulnerability affects a niche application used for zoo management, which may limit its widespread impact. European organizations using this system, particularly those managing zoological parks or similar facilities, could face risks to their web application security and user data integrity. Mitigation requires secure input validation and output encoding in the affected login module. Countries with more zoological institutions and higher adoption of this software are more likely to be impacted. Given the nature of XSS and the lack of authentication requirements for exploitation, the suggested severity is medium.

CVE-2025-65881 identifies a Cross Site Scripting (XSS) vulnerability in Sourcecodester Zoo Management System version 1.0, specifically located in the /classes/Login.php file. XSS vulnerabilities occur when an application does not properly sanitize user-supplied input, allowing attackers to inject malicious scripts that execute in the browsers of other users. In this case, the vulnerability likely arises from insufficient input validation or output encoding in the login handling code, enabling an attacker to craft input that is reflected back and executed by the victim’s browser. This can lead to theft of session cookies, redirection to malicious sites, or execution of unauthorized actions under the victim’s credentials. The vulnerability is categorized as a reflected or stored XSS depending on the exact injection point, though the data does not specify which. No CVSS score has been assigned yet, and no public exploits are known, indicating it may be a newly discovered or low-profile issue. The affected software is a niche web application designed for managing zoo operations, which may limit the scope of impact but still poses a risk to organizations relying on it. The lack of patch links suggests that no official fix has been released at the time of publication, so mitigation must rely on manual code review and input sanitization. The vulnerability’s presence in the login module is particularly concerning as it may affect authentication workflows and user sessions.

Detailed information about CVE-2025-65881: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-65881: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-65881: n/a

A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page, it is possible to trigger a command injection in httpd.

Detailed information about CVE-2025-60854: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-60854: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-60854: n/a

A reflected Cross-Site Scripting (XSS) vulnerability exists in phpIPAM version 1. 6, specifically in the import-export device preview functionality. This vulnerability allows an attacker to inject malicious JavaScript code via crafted URL parameters, which is then reflected in the server response without proper sanitization. Exploitation requires the victim to visit a maliciously crafted link, leading to script execution in the victim's browser context. The vulnerability is identified as CVE-2024-41358 and has publicly available proof-of-concept exploit code. No authentication is explicitly required to trigger this reflected XSS, increasing its risk. While no known active exploitation in the wild has been reported, the presence of exploit code lowers the barrier for attackers. The impact includes potential session hijacking, credential theft, or redirection to malicious sites. Mitigation involves input validation and output encoding on affected parameters, along with applying any vendor patches once available. European organizations using phpIPAM 1.

The security threat concerns a reflected Cross-Site Scripting (XSS) vulnerability in phpIPAM version 1.6, an open-source IP address management application widely used for managing network infrastructure. The vulnerability resides in the import-export device preview feature, specifically in the 'import-devices-preview.php' script. Attackers can craft malicious GET requests with specially crafted parameters such as 'expfields' and 'importFields__' that include embedded JavaScript code. This code is reflected back in the HTTP response without proper sanitization or encoding, enabling execution of arbitrary scripts in the context of the victim's browser. The provided proof-of-concept exploit demonstrates injection of a simple alert script via URL parameters, confirming the vulnerability's existence. The vulnerability is tracked as CVE-2024-41358. Exploitation does not require authentication, making it accessible to unauthenticated attackers who can lure users into clicking malicious links. The reflected XSS can be leveraged for session hijacking, stealing cookies, defacing web interfaces, or redirecting users to phishing or malware sites. Although no active exploitation has been reported, the availability of exploit code on public repositories like Exploit-DB increases the risk of opportunistic attacks. The vulnerability affects phpIPAM installations that have not been updated or patched. Since phpIPAM is used in network management, successful exploitation could lead to compromise of administrative sessions or leakage of sensitive network data. No official patches or fixes are linked yet, so mitigation relies on input validation, output encoding, and restricting access to the vulnerable interface. Organizations should monitor vendor advisories and apply updates promptly once available.

Exploit-DB RSS Feed

Exploit code for phpIPAM 1.6 - Reflected Cross-Site Scripting (XSS)

Detailed information about phpIPAM 1.6 - Reflected Cross-Site Scripting (XSS). Get real-time updates, technical details, and mitigation strategies.

phpIPAM 1.6 - Reflected Cross-Site Scripting (XSS) - Live Threat Intelligence - Threat Radar | OffSeq.com

Original Source

Raw Exploit Code

phpIPAM 1.6 - Reflected Cross-Site Scripting (XSS)

EverShop 2.0.1 allows an unauthenticated user to upload files and create directories within the /api/images endpoint.

Detailed information about CVE-2025-65844: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-65844: n/a

CVE-2025-65844: n/a

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-65215: n/a

CVE-2025-65881: n/a

CVE-2025-60854: n/a

CVE-2025-64750: CWE-61: UNIX Symbolic Link (Symlink) Following in sylabs singularity

CVE-2025-64070: n/a

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility