23 matches found

OSV
added 2026/05/23 1:25 a.m. · 4 views

MAL-2026-4683 Malicious code in tax4all-components (npm)

Source: amazon-inspector 411707aa243c516b714830da4805c4abacaa4d5f7e2e8959773cd93468dd78aa The exported ContactForm Vue component in deploy/dist/index.js hardcodes form submissions to https://formsubmit.co/ajax/[email protected] — the...

AI score 5.8
Exploits 0 · References 1

Positive Technologies
added 2026/05/14 12:0 a.m. · 6 views

PT-2026-40899

Name of the Vulnerable Software and Affected Versions InfusedWoo Pro versions prior to 5.1.3 Description The InfusedWoo Pro plugin for WordPress allows unauthenticated attackers to perform Arbitrary File Read via the 'popup submit' endpoint. This allows web requests to be made to arbitrary...

CVSS 7.5 · AI score 5.9 · EPSS 0.00084
Exploits 0 · References 5

NVD
added 2026/04/30 6:16 p.m. · 3 views

CVE-2026-36763

A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

CVSS 6.1 · EPSS 0.00034
Exploits 0 · References 3

Cvelist
added 2026/04/30 12:0 a.m. · 29 views

CVE-2026-36763

A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

EPSS 0.00034
Exploits 0 · References 3

Positive Technologies
added 2026/04/30 12:0 a.m. · 3 views

PT-2026-36152

A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

CVSS 6.1 · AI score 5.3 · EPSS 0.00034
Exploits 0 · References 4

EUVD
added 2026/04/30 12:0 a.m. · 1 views

EUVD-2026-26398

A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

CVSS 6.1 · AI score 5.3 · EPSS 0.00034
Exploits 0 · References 3

Vulnrichment
added 2026/04/30 12:0 a.m. · 1 views

CVE-2026-36763

A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

AI score 5.3 · EPSS 0.00034
Exploits 0 · References 3

ATTACKERKB
added 2026/04/30 12:0 a.m. · 2 views

CVE-2026-36763

A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

CVSS 6.1 · AI score 5.3 · EPSS 0.00034
Exploits 0 · References 4

CNNVD
added 2026/04/30 12:0 a.m. · 5 views

SpringBlade cross-site scripting vulnerability

SpringBlade is a microservices development platform developed by Blade China. Version 4.8.0 of SpringBlade contains a cross-site scripting vulnerability. This vulnerability stems from the /api/blade-desk/notice/submit endpoint, where a stored cross-site script exists. This could allow attackers t...

CVSS 6.1 · AI score 5.9 · EPSS 0.00034
Exploits 0 · References 1

EUVD
added 2026/04/05 9:30 p.m. · 3 views

EUVD-2019-20107

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the acti...

CVSS 9.8 · AI score 6.7 · EPSS 0.01904
Exploits 1 · References 4

NVD
added 2026/04/05 9:16 p.m. · 2 views

CVE-2019-25687

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the acti...

CVSS 9.8 · EPSS 0.01904
Exploits 1 · References 3

Vulnrichment
added 2026/04/05 8:45 p.m. · 1 views

CVE-2019-25687 Pegasus CMS 1.0 Remote Code Execution via extra_fields.php

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the acti...

CVSS 9.8 · AI score 6.7 · EPSS 0.01904
Exploits 1 · References 3

Positive Technologies
added 2026/04/05 12:0 a.m. · 1 views

PT-2026-30495

Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the...

CVSS 9.8 · AI score 6.7 · EPSS 0.01904
Exploits 1 · References 4

RedhatCVE
added 2026/03/26 3:15 p.m. · 2 views

CVE-2026-4590

A security flaw has been discovered in kalcaddle kodbox 1.64. The impacted element is an unknown function of the file /workspace/source-code/plugins/oauth/controller/bind/index.class.php of the component loginSubmit API. Performing a manipulation of the argument third results in cross-site reques...

CVSS 3.1 · AI score 4.9 · EPSS 0.0002
Exploits 0 · References 1

Positive Technologies
added 2025/12/30 12:0 a.m. · 2 views

PT-2025-54247

Name of the Vulnerable Software and Affected Versions H3C SSL VPN affected versions not specified Description The software contains a user enumeration issue. An attacker can identify valid usernames by submitting different usernames to the /login submit.cgi API endpoint via the txtUsrName POST...

CVSS 7.5 · AI score 6.5 · EPSS 0.00035
Exploits 1 · References 6

NVD
added 2025/08/26 12:15 a.m. · 1 views

CVE-2025-9429

A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation of the argument content/title/ leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 5.4 · EPSS 0.00071
Exploits 1 · References 6

Vulnrichment
added 2025/08/25 11:32 p.m. · 0 views

CVE-2025-9429 mtons mblog Post submit cross site scripting

A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation of the argument content/title/ leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVSS 5.1 · AI score 3.8 · EPSS 0.00071
Exploits 1 · References 6

Positive Technologies
added 2025/08/25 12:0 a.m. · 2 views

PT-2025-34720 · Mtons · Mtons Mblog

Name of the Vulnerable Software and Affected Versions: mtons mblog versions prior to 3.5.1 Description: A security vulnerability has been detected in mtons mblog. The vulnerability affects unknown code within the /post/submit file of the Post Handler component. Manipulation of the content/title...

CVSS 5.4 · AI score 3.9 · EPSS 0.00071
Exploits 1 · References 11

Positive Technologies
added 2024/11/25 12:0 a.m. · 2 views

PT-2024-35784 · Unknown · Masterstack Imgcap

Name of the Vulnerable Software and Affected Versions: masterstack imgcap version 0.0.1 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the "/submit" endpoint. Recommendations: For masterstack imgcap version 0.0.1, as a temporary workaround, consider...

CVSS 6.3 · AI score 7.9 · EPSS 0.00055
Exploits 0 · References 4

CVE
added 2024/11/25 12:0 a.m. · 53 views

CVE-2024-53597

CVE-2024-53597 affects masterstack_imgcap v0.0.1 with a SQL injection in the /submit endpoint. The connected sources confirm the issue but do not provide an official patch/version containing a fix. A practical mitigation from PT-2024-35784 is to restrict access to the /submit endpoint and avoid u...

CVSS 6.3 · AI score 8.3 · EPSS 0.00055
Exploits 0 · References 2