CVE-2010-3608

Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the 1 id and 2 password pw parameters to a admin.php or b user.php...

CVE-2024-13851

The Modal Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject...

CVE-2024-50825

A SQL Injection vulnerability was found in /admin/schoolyear.php in kashipara E-learning Management System Project 1.0 via the schoolyear parameter...

PT-2024-39907 · 10Web · The Photo Gallery

Name of the Vulnerable Software and Affected Versions: The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions up to, and including, 1.8.30 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization a...

PT-2024-5213 · Hewlett Packard · Hpe Aruba Networking Edgeconnect Sd-Wan Orchestrator

Name of the Vulnerable Software and Affected Versions: HPE Aruba Networking EdgeConnect SD-WAN Orchestrator affected versions not specified Description: The issue exists due to inadequate protection of the web page structure in the web-based management interface. This allows a remote attacker to...

PT-2023-31775 · WordPress · Forminator

Name of the Vulnerable Software and Affected Versions: Forminator WordPress plugin versions prior to 1.27.0 Description: The issue arises from improper sanitization of the redirect-url field in form submission settings. This could allow high-privilege users, such as administrators, to inject...

CVE-2023-36619

Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users...

Design/Logic Flaw

Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users...

The vulnerability in the reports_admin.php script of the Cacti network monitoring software allows a perpetrator to perform cross-site scripting attacks.

The vulnerability of the reportsadmin.php script in the Cacti network monitoring tool exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

Security Bulletin:IBM TRIRIGA Application Platform discloses cross-site scripting (CVE-2022-24620)

Summary CVE-2022-24620 Piwigo is vulnerable to cross-site scipting Vulnerability Details IBM X-Force ID: 87544 DESCRIPTION: Piwigo is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the admin.php script. A remote attacker could exploit this vulnerabilit...

Pluck 跨站脚本漏洞

Pluck is a content management system CMS developed using the PHP language. A security vulnerability exists in Pluck CMS versions 4.7.15 through 4.7.16-dev4, which originates from a cross-site scripting XSS vulnerability in file /admin.php. An attacker can exploit the vulnerability by uploading a...

Pimcore 路径遍历漏洞

Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce frameworks and product information management applications. A path traversal vulnerability exists in Pimco...

WordPress plugin Five Star Restaurant Reservations 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A vulnerability exists in t...

EC-CUBE 跨站脚本漏洞

EC-CUBE is an open source e-commerce system from the Japanese company EC-CUBE. A security vulnerability exists in EC-CUBE versions 4.0.0 through 4.1.2, which stems from a DOM-based cross-site scripting vulnerability that could allow a remote attacker to execute arbitrary script on the...

Digital Watchdog DW MEGApixel IP cameras 操作系统命令注入漏洞

Digital Watchdog DW MEGApixel IP cameras is a series of webcam solutions from Digital Watchdog USA. An operating system command injection vulnerability exists in Digital Watchdog DW MEGApixel IP cameras version A7.2.220211029, which originates from a command injection contained in the component...

CVE-2022-2148

The LinkedIn Company Updates WordPress plugin through 1.5.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2022-31352

Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manageservice.php?id=...

CVE-2022-28420

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=...

CVE-2022-28009

Attendance and Payroll System v1.0 was discovered to contain a SQL injection vulnerability via the component \admin\attendancedelete.php...

CVE-2021-31835

Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator ePO prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized...