566 matches found
CVE-2022-25305
The WP Statistics WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the IP parameter found in the /includes/class-wp-statistics-ip.php file which allows attackers to inject arbitrary web scripts onto several pages that execute when site...
WordPress Cozmoslabs Profile Builder Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Cozmoslabs Profile Builder plugin 3.6.1 and earlier versions have a cross-site scripting vulnerability...
CVE-2021-25096
In the IP2Location Country Blocker WordPress plugin before 2.26.5, bans can be bypassed by using a specific parameter in the URL...
CVE-2022-24161
Tenda AX3 v16.03.12.10CN was discovered to contain a heap overflow in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mac parameter...
D-Link Di-7200G Command Injection Vulnerability
D-Link Di-7200G is a gigabit enterprise router from D-Link, China. D-Link DI-7200GV2.E1 v21.04.09E1 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the url parameter...
Totolink X5000R Buffer Error Vulnerability
The TotoLink X5000R is a router from China's Gion Electronics TotoLink. The Totolink X5000R v9.1.0u.6118B20201102 suffers from a buffer error vulnerability that allows an attacker to cause a denial of service (DoS) via the url parameter...
CVE-2022-2510
Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows attacker to inject arbitrary HTML (XSS) on page "Special:SearchCenter", using the search term in the URL...
CVE-2021-44091
A Cross-Site Scripting (XSS) vulnerability exists in Sourcecodester Multi Restaurant Table Reservation System 1.0 in register.php via the (1) fullname, (2) phone, and (3) address parameters...
SourceCodester Multi Restaurant Table Reservation System Cross-Site Scripting Vulnerability
SourceCodester Multi Restaurant Table Reservation System is a multi-restaurant table reservation system. A cross-site scripting vulnerability exists in Sourcecodester Multi Restaurant Table Reservation System v1.0. The vulnerability is caused by the fullname, phone, address parameters in the...
Cross-site Scripting (XSS)
elgg/elgg is vulnerable to cross-site scripting (XSS) attacks. Improper input neutralization during web page generation allows malicious users to inject and execute arbitrary JavaScript through the address parameter in add.php...
Tenda AC9 Security Vulnerability
Tenda AC9 is a wireless router from Tenda, China. Tenda AC9 is vulnerable to a buffer overflow vulnerability, which can be exploited to execute arbitrary code via the url parameter...
SITA Software Azur CMS Cross-Site Scripting Vulnerability
SITA Software Azur CMS is a web CMS. A cross-site scripting vulnerability exists in SITA Software Azur CMS 1.2.3.1 and prior versions, which stems from the software's lack of effective validation and filtering of parameters. This allows a remote attacker to pass (1) NOMCLI, (2) ADRESSE, (3) ADRESSE2, (4)...
IEC104 Buffer Error Vulnerability
IEC104 is an international standard of the International Electrotechnical Commission (IEC) standards organization widely used in the electric power, urban rail transit, and other industries. A buffer error vulnerability exists in IEC104 version 1.0, which originates from a stacked buffer overflow i...
WordPress Plugin Broken Link Manager SQL Injection Vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in Wordpress Plugin Brok...
whatsns SQL Injection Vulnerability
whatsns is an open source online question and answer system. The system supports cloud storage, image watermark settings, full-text search, on-site behavior monitoring, SMS registration and notification, and other features. A SQL injection vulnerability exists in Whatsns, which originates from th...
PT-2021-10200 · Gnuboard5 · Gnuboard5
Name of the Vulnerable Software and Affected Versions: gnuboard5 versions prior to 5.3.2.8 Description: The issue is related to a Cross Site Scripting (XSS) vulnerability. It can be exploited via the url parameter to the "bbs/login.php" endpoint. Recommendations: For versions prior to 5.3.2.8, update t...
KuaiFan Parameter Injection Vulnerability
KuaiFanCMS (later referred to as KF) is a site-building system developed on PHP5 + MySQL using the Smarty template engine. KuaiFanCMS V5 has a security vulnerability, which stems from KuaiFanCMS V5 in the chakanhtml.module.php file HTML url parameter...
Cisco Webex Meetings Open Redirect Vulnerability
Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. An open redirect vulnerability exists in the Web management interface of Cisco Webex Meetings. The vulnerability stems from improper validation of the input of URL parameters in an HTTP request. An attacker could explo...
CVE-2020-35742
HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter...
CVE-2020-29455
A Cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in SmartyStreets liveAddressPlugin.js 3.2 allows remote attackers to inject arbitrary web script or HTML via any address parameter (e.g., street or country)...