Lucene search
568 matches found

OSV
added 2024/10/30 6:15 p.m. · 1 views

CVE-2024-48647

A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the server's file system by manipulating the URL parameter in HTTP requests. The attacker can exploit this flaw to access sensitive information, including...

7.2 CVSS · 5.9 AI score · 0.00757 EPSS
Exploits 2 · References 1

OSV
added 2024/10/30 1:15 a.m. · 2 views

CVE-2024-10503

A vulnerability was found in Klokan MapTiler tileserver-gl 2.3.1 and classified as problematic. This issue affects some unknown processing of the component URL Handler. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

6.1 CVSS · 3.6 AI score · 0.00308 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/10/28 12:0 a.m. · 4 views

PT-2024-8854 · D Link · D-Link Dir-820L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-820L version 1.05b03 Description: The issue is related to the ping v4 and ping v6 functions in the D-Link DIR-820L router's firmware, which fails to properly sanitize data when handling the ping addr parameter. This can allow a...

8 CVSS · 8 AI score · 0.00835 EPSS
Exploits 1 · References 10

OSV
added 2024/10/21 7:15 p.m. · 3 views

CVE-2024-46236

CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in addmembers.php and editmember.php...

5.4 CVSS · 5.8 AI score · 0.00272 EPSS
Exploits 1 · References 1

NVD
added 2024/10/21 7:15 p.m. · 16 views

CVE-2024-46236

CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in addmembers.php and editmember.php...

5.4 CVSS · 0.00272 EPSS
Exploits 1 · References 1

Vulnrichment
added 2024/10/21 12:0 a.m. · 15 views

CVE-2024-46236

CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in addmembers.php and editmember.php...

6 AI score · 0.00272 EPSS
Exploits 1 · References 1

CNNVD
added 2024/10/21 12:0 a.m. · 1 views

CodeAstro Membership Management System cross-site scripting vulnerability

CodeAstro Membership Management System is a membership management system from CodeAstro, Inc. A security vulnerability exists in CodeAstro Membership Management System version 1.0, which originates from a cross-site scripting vulnerability in the address parameter of addmembers.php and...

5.4 CVSS · 6.2 AI score · 0.00272 EPSS
Exploits 1 · References 2

Positive Technologies
added 2024/10/20 12:0 a.m. · 5 views

PT-2024-16110 · Code Projects · Pharmacy Management System

Name of the Vulnerable Software and Affected Versions: code-projects Pharmacy Management System version 1.0 Description: A security issue has been found in the Manage Supplier Page component, specifically in the file /manage supplier.php. The manipulation of the address argument leads to cross-si...

5.1 CVSS · 4 AI score · 0.0038 EPSS
Exploits 1 · References 10

OSV
added 2024/10/17 6:15 p.m. · 1 views

CVE-2024-48630

D-Link DIR882FW130B06 and DIR878 DIR878FW130B08 were discovered to contain a command injection vulnerability via the MacAddress parameter in the SetMACFilters2 function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request...

8 CVSS · 6 AI score · 0.02056 EPSS
Exploits 0 · References 2

OSV
added 2024/10/17 6:15 p.m. · 2 views

CVE-2024-48629

D-Link DIR882FW130B06 and DIR878 DIR878FW130B08 were discovered to contain a command injection vulnerability via the IPAddress parameter in the SetGuestZoneRouterSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted POST request...

8 CVSS · 6 AI score · 0.0209 EPSS
Exploits 0 · References 2

CVE
added 2024/10/15 2:0 a.m. · 54 views

CVE-2024-9952

CVE-2024-9952 affects SourceCodester Online Eyewear Shop 1.0. The vulnerability is in the Contact Information Page (file path /admin/?page=system_info/contact_info) where manipulation of the Address parameter can lead to cross-site scripting. It may be exploited remotely and is cited with varied ...

5.1 CVSS · 3.8 AI score · 0.00402 EPSS
Exploits 1 · References 5 · Affected Software 1

Positive Technologies
added 2024/10/14 12:0 a.m. · 2 views

PT-2024-39963 · Sourcecodester · Sourcecodester Online Eyewear Shop

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Eyewear Shop version 1.0 Description: A problem was discovered in the Contact Information Page, affecting the file "/admin/?page=system_info/contact_info". The manipulation of the Address argument leads to cross-site...

5.1 CVSS · 4 AI score · 0.00402 EPSS
Exploits 1 · References 11

OSV
added 2024/10/09 2:15 p.m. · 3 views

CVE-2024-46237

PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) via the patname, pataddress, and medhis parameters in doctor/add-patient.php and doctor/edit-patient.php...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 2

OSV
added 2024/10/08 12:15 p.m. · 1 views

CVE-2024-8482

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.3.982 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4 CVSS · 5.9 AI score · 0.00432 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/09/26 12:0 a.m. · 4 views

PT-2024-7029 · D Link · D-Link Dir-878 +1

Name of the Vulnerable Software and Affected Versions: D-Link DIR-882 versions FW130B06 D-Link DIR-878 versions FW130B08 Description: A command injection issue exists in the SetMACFilters2 function due to insufficient neutralization of special elements used in an OS command. This allows attackers...

8 CVSS · 6.5 AI score · 0.02056 EPSS
Exploits 0 · References 8

VulnCheck KEV
added 2024/09/19 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2015-8813

The PageLoad function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter...

8.2 CVSS · 5.8 AI score · 0.11595 EPSS
Exploits 1 · References 1

OSV
added 2024/09/11 12:15 p.m. · 2 views

CVE-2024-45787

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL and intercepting response of the AP...

6.5 CVSS · 5.8 AI score
Exploits 0 · References 1

CNNVD
added 2024/09/04 12:0 a.m. · 2 views

akademy cross-site scripting vulnerability

akademy is a school management system. A cross-site scripting vulnerability exists in akademy, which stems from an incorrect manipulation of the parameter emailAddress. No details of the vulnerability are provided at this time...

5.4 CVSS · 6.1 AI score · 0.00449 EPSS
Exploits 1 · References 5

CNNVD
added 2024/08/25 12:0 a.m. · 3 views

QR Code Bookmark System cross-site scripting vulnerability

QR Code Bookmark System is a QR code bookmark system from the individual developer rems. A cross-site scripting vulnerability exists in SourceCodester QR Code Bookmark System version 1.0, which originates from a cross-site scripting vulnerability in the tblbookmarkid/name/url parameter of the...

5.4 CVSS · 4.8 AI score · 0.00386 EPSS
Exploits 1 · References 6

CNNVD
added 2024/08/18 12:0 a.m. · 2 views

itsourcecode Billing System SQL injection vulnerability

itsourcecode Billing System is an open source system from itsourcecode, developed in PHP with a MySQL database using HTML, CSS, Bootstrap, JavaScript, Ajax, jQuery and Modal. This PH Billing System project includes an administrator side where the...

9.8 CVSS · 7.9 AI score · 0.00582 EPSS
Exploits 1 · References 5