11465 matches found
CVE-2025-63709
A Cross-Site Scripting XSS vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. An authenticated user can submit HTML/JavaScript that is not correctly sanitized or encoded on output. The injected script is stored and later rendered in the browser of a...
CVE-2025-12927
A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archivesadd.php. Such manipulation of the argument flags leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may b...
EUVD-2025-38731
A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archivesadd.php. Such manipulation of the argument flags leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may b...
CVE-2025-12927 DedeBIZ archives_add.php sql injection
A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archivesadd.php. Such manipulation of the argument flags leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may b...
CVE-2025-12927
CVE-2025-12927 affects DedeBIZ up to version 6.3.2. The vulnerability lies in the /admin/archives_add.php component where manipulation of the flags[] argument enables a remote SQL injection. The issue is caused by an unknown function handling flags[] and has publicly disclosed exploits. Multiple ...
CVE-2025-12925
A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...
CVE-2025-12925
A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...
EUVD-2025-38727
A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...
EUVD-2025-38722
A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
PT-2025-46147
Name of the Vulnerable Software and Affected Versions SourceCodester Interview Management System version 1.0 Description A security flaw exists in SourceCodester Interview Management System version 1.0. The issue involves a SQL injection impacting the file '/addCandidate.php'. Manipulation of the...
forest 安全漏洞
forest is a modern knowledge community backend project of RYMCU open source , using SpringBoot + Shiro + MyBatis + JWT + Redis implementation . There is a security vulnerability in forest, which originates from the lack of authorization for the functions getAll/addDic/getAllDic/deleteDic in the...
PT-2025-45592
A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archives add.php. Such manipulation of the argument flags leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may ...
DedeBIZ SQL注入漏洞
DedeBIZ is a content management system from China Muyun Intelligence DedeBIZ company. A SQL injection vulnerability exists in DedeBIZ 6.3.2 and earlier versions, which stems from incorrect manipulation of the parameter flags in the file /admin/archivesadd.php, which could lead to a SQL injection...
CVE-2025-63709
A Cross-Site Scripting XSS vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. An authenticated user can submit HTML/JavaScript that is not correctly sanitized or encoded on output. The injected script is stored and later rendered in the browser of a...
CVE-2025-63709
A Cross-Site Scripting XSS vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. An authenticated user can submit HTML/JavaScript that is not correctly sanitized or encoded on output. The injected script is stored and later rendered in the browser of a...
CVE-2025-63709
CVE-2025-63709 is a stored XSS in SourceCodester Simple To-Do List System 1.0, occurring in the Add Tasks input. An authenticated user can submit HTML/JS not properly sanitized, with the injected script stored and later rendered for other users, enabling arbitrary script execution in the victim’s...
PT-2025-46165
Name of the Vulnerable Software and Affected Versions SourceCodester Simple To-Do List System version 1.0 Description A Cross-Site Scripting XSS issue exists in the "Add Tasks" text input. An authenticated user can submit HTML or JavaScript that is not properly sanitized or encoded before being...
CVE-2025-12920
A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-12920
A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-12920
FoxCMS up to 1.2.16 contains a cross-site scripting vulnerability in the add/edit path (app/admin/controller/Product.php, Title parameter). The issue can be triggered remotely and an exploit has been published; vendor did not respond. Affected versions should be updated to mitigate; as a workarou...