Furkan Karaarslan

#10151of 53,779
27.3Total CVSS
Vulnerabilities · 4
Medium
2
High
1
Critical
1
PT-2026-47233
7.2
2026-06-08
WordPress · Sonaar Music Plugin · CVE-2023-54351
**Name of the Vulnerable Software and Affected Versions** Sonaar Music Plugin version 4.7 **Description** A stored cross-site scripting issue exists in the comment functionality. Unauthenticated attackers can inject malicious scripts by submitting JavaScript payloads via the `comment` parameter to the 'wp-comments-post.php' endpoint. These scripts are stored and subsequently executed in the browsers of users who view the affected playlist pages. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-51942
4.6
2025-12-17
Xenforo · Xenforo · CVE-2023-53904
**Name of the Vulnerable Software and Affected Versions** Xenforo version 2.2.13 **Description** The software contains a stored cross-site scripting issue. Authenticated administrators can inject malicious scripts through the smilie category title parameter. Creating a smilie category with a malicious script can lead to script execution when the admin panel is loaded, potentially enabling further client-side attacks. The vulnerable parameter is `smilie category title`. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the `smilie category title` input to prevent script injection.
PT-2025-18772
9.8
2025-05-02
Sambabox · Sambabox · CVE-2025-2421
**Name of the Vulnerable Software and Affected Versions** SambaBox versions prior to 5.1 **Description** The issue affects SambaBox due to an improper control of generation of code, allowing code injection. **Recommendations** For versions prior to 5.1, update to version 5.1 or later to resolve the issue.
PT-2025-6822
5.7
2025-02-18
Komtera Technologies · Klog Server · CVE-2025-1035
**Name of the Vulnerable Software and Affected Versions** Komtera Technolgies KLog Server versions prior to 3.1.1 **Description** The issue is related to an improper limitation of a pathname to a restricted directory, also known as 'Path Traversal'. This allows for manipulating web input to make calls to the file system. **Recommendations** For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive directories and files to minimize the risk of exploitation.