6 matches found
CVE-2025-40644
Reflected Cross-Site Scripting XSS vulnerability in Riftzilla's QRGen. This vulnerability allows an attavker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'id' parameter in '/article.php'. This vulnerability can be exploited to steal sensitive user...
EUVD-2025-35187
Cross-Site Scripting XSS vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient input sanitization or output encoding, allowing attacker-controlled input to be rendered directly i...
PT-2024-37791 · Unknown · Lollms-Webui
Name of the Vulnerable Software and Affected Versions: lollms-webui versions prior to 10 Description: A CORS misconfiguration allows attackers to steal sensitive information, such as logs, browser sessions, and settings containing private API keys from other services. This issue can also enable...
Iteris Apache Velocity 跨站脚本漏洞
Iteris Apache Velocity is a software application from the United States Iteris. It is used to create and maintain open source software features related to the Apache Velocity Engine. A security vulnerability exists in Apache Velocity 3.1, which can be exploited by an attacker to steal a session...
DEBIAN-CVE-2019-1010247
ZmartZone IAM modauthopenidc 2.3.10.1 and earlier is affected by: Cross Site Scripting XSS. The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/modauthopenidc.c, Line: 3109. The fixed version is: 2.3.10.2...
CVE-2019-1031
A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...