Publish Advisories

GHSA-2x92-78m7-jjc3
GHSA-r5j8-cxvj-g8g2
GHSA-wm3h-v48w-fqgf
GHSA-wmgf-x426-x7rh

Author: advisory-database[bot]

advisories/unreviewed/2025/12/GHSA-2x92-78m7-jjc3/GHSA-2x92-78m7-jjc3.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2x92-78m7-jjc3",
+  "modified": "2025-12-22T00:30:23Z",
+  "published": "2025-12-22T00:30:23Z",
+  "aliases": [
+    "CVE-2025-15003"
+  ],
+  "details": "A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php. Performing manipulation of the argument e_id results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15003"
+    },
+    {
+      "type": "WEB",
+      "url": "https://note-hxlab.wetolink.com/share/aTI1wPFLm7FG"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.337708"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.337708"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.716084"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-22T00:15:49Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-r5j8-cxvj-g8g2/GHSA-r5j8-cxvj-g8g2.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-r5j8-cxvj-g8g2",
+  "modified": "2025-12-22T00:30:23Z",
+  "published": "2025-12-22T00:30:23Z",
+  "aliases": [
+    "CVE-2025-62926"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyDevs TempTool allows Stored XSS.This issue affects TempTool: from n/a through 1.3.1.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62926"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/wordpress/plugin/current-template-name/vulnerability/wordpress-temptool-show-current-template-info-plugin-1-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-21T22:15:48Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-wm3h-v48w-fqgf/GHSA-wm3h-v48w-fqgf.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-wm3h-v48w-fqgf",
+  "modified": "2025-12-22T00:30:23Z",
+  "published": "2025-12-22T00:30:23Z",
+  "aliases": [
+    "CVE-2025-15002"
+  ],
+  "details": "A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15002"
+    },
+    {
+      "type": "WEB",
+      "url": "https://note-hxlab.wetolink.com/share/VFwALb6qhnTZ"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.337707"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.337707"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.716083"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-21T23:15:48Z"
+  }
+}

advisories/unreviewed/2025/12/GHSA-wmgf-x426-x7rh/GHSA-wmgf-x426-x7rh.json

@@ -0,0 +1,36 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-wmgf-x426-x7rh",
+  "modified": "2025-12-22T00:30:22Z",
+  "published": "2025-12-22T00:30:22Z",
+  "aliases": [
+    "CVE-2025-62901"
+  ],
+  "details": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tormorten WP Microdata allows Stored XSS.This issue affects WP Microdata: from n/a through 1.0.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62901"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vdp.patchstack.com/database/wordpress/plugin/wp-microdata/vulnerability/wordpress-wp-microdata-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-12-21T22:15:48Z"
+  }
+}