16 matches found
CVE-2026-25144
Talishar is a fan-made Flesh and Blood project. A stored XSS exists in the in-game chat system. The playerID parameter in SubmitChat.php is saved without sanitization and executed whenever a user views the current game page. This vulnerability is fixed by 09dd00e5452e3cd998eb1406a88e5b0fa868e6...
CVE-2026-25144
Talishar is a fan-made Flesh and Blood project. A stored XSS exists in the in-game chat system. The playerID parameter in SubmitChat.php is saved without sanitization and executed whenever a user views the current game page. This vulnerability is fixed by 09dd00e5452e3cd998eb1406a88e5b0fa868e6...
Talishar Cross-Site Scripting Vulnerability
Talishar is an open-source game client developed by Talishar. Talishar has a cross-site scripting vulnerability that stems from the lack of sanitization and escaping of the playerID parameter. This vulnerability may lead to stored cross-site scripting attacks...
EUVD-2010-4905
Malware in sbrugna...
EUVD-2023-43551
Malicious code in bioql PyPI...
CVE-2023-39851
webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. NOTE: this is disputed by a third party who indicates that the playerID is a session variable controlled by the server, and thus cannot be used for exploitation...
Sql injection
DISPUTED webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. NOTE: this is disputed by a third party who indicates that the playerID is a session variable controlled by the server, and thus cannot be used for exploitation...
CVE-2023-39851
webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. NOTE: this is disputed by a third party who indicates that the playerID is a session variable controlled by the server, and thus cannot be used for exploitation...
Cross site scripting
Cross-site scripting (XSS) in WordPress podPress Plugin 8.8.10.13 could allow remote attackers to inject arbitrary web script or HTML via the 'playerID' parameter...
podPress 8.8.10.13 - players/1pixelout/1pixelout_player.swf playerID Parameter XSS
The podPress WordPress plugin was affected by a players/1pixelout/1pixelout_player.swf playerID Parameter XSS security vulnerability...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing a...
CVE-2013-7341
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing a...
CVE-2013-1464
Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter...
Joomla 'Teams' Component SQLi Vulnerability (Nov 2011)
Joomla with Teams component is prone to a SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Joomla 'Teams' Component SQL Injection Vulnerability
This host is running Joomla with Teams component and is prone to a SQL injection vulnerability. OpenVAS Vulnerability Test $Id: gbjoomlateamssqlinjvuln.nasl 7006 2017-08-25 11:51:20Z teissa $ Joomla 'Teams' Component SQL Injection Vulnerability Authors: Madhuri D Copyright: Copyright (c) 2011 Greenbo...
Sql injection
SQL injection vulnerability in the Teams (com_teams) component 110281008091711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php...