PHPJabbers Callback Widget v1.0 - Cross-Site Scripting
There is a cross-site scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0. id: CVE-2023-40755 info: name: PHPJabbers Callback Widget v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | There is a Cross Site Scripting...
CVE-2026-35023 Wimi Teamwork On-Premises < 8.2.0 IDOR via preview.php
Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...
CVE-2026-2113
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...
EUVD-2026-5715
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...
CVE-2023-40755
There is a cross-site scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0...
CVE-2025-15426 jackying H-ui.admin preview.php unrestricted upload
A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might...
CVE-2025-15426
CVE-2025-15426 affects jackying H-ui.admin up to version 3.1. A flaw in the library file /lib/webuploader/0.1.5/server/preview.php allows unrestricted file uploads via a remotely exploitable path. Public PoC exists; vendor reportedly unresponsive. Impact is described as remote arbitrary file uplo...
EUVD-2017-8799
Malware in sbrugna...
EUVD-2016-9945
Malware in sbrugna...
EUVD-2006-2030
Malware in sbrugna...
EUVD-2016-1948
Malware in sbrugna...
EUVD-2006-2033
Malware in sbrugna...
EUVD-2023-37721
Malicious code in bioql PyPI...
EUVD-2023-37717
Malicious code in bioql PyPI...
EUVD-2023-45308
Malicious code in bioql PyPI...
CVE-2023-36126
There is a cross-site scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0...
CVE-2023-36137
There is a cross-site scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0...
CVE-2023-3555
A vulnerability was found in GZ Scripts PHP Vacation Rental Script 1.8. It has been classified as problematic. This affects an unknown part of the file /preview.php. The manipulation of the argument page/layout/sortby/propertyid leads to cross site scripting. It is possible to initiate the attack...
CVE-2016-10957
The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter...