161 matches found
EUVD-2026-30255
The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and including, 5.1.2. This is due to missing nonce verification and capability checks in the iwarsaverecipe AJAX handler. This makes it possible for unauthenticated...
CVE-2020-36931
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests...
CVE-2020-36931 Click2Magic 1.1.5 - Stored Cross-Site Scripting
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests...
CVE-2020-36931
Click2Magic 1.1.5 is affected by a stored cross-site scripting vulnerability in the chat name input. The condition allows attackers to inject scripts that can capture administrator cookies when the admin processes user requests. Reported CVSS details indicate Medium severity (CVSSv4 = 5.1; CVSSv3...
PT-2026-4649
Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests...
EUVD-2025-33757
code-projects Simple Online Hotel Reservation System 1.0 has a Cross Site Scripting (XSS) vulnerability in the Add Room function of the online hotel reservation system. Malicious JavaScript code is entered in the Description field, which can leak the administrator's cookie information when browsing...
CVE-2025-60308
code-projects Simple Online Hotel Reservation System 1.0 has a Cross Site Scripting (XSS) vulnerability in the Add Room function of the online hotel reservation system. Malicious JavaScript code is entered in the Description field, which can leak the administrator's cookie information when browsing...
PT-2025-41578
Name of the Vulnerable Software and Affected Versions: code-projects Simple Online Hotel Reservation System version 1.0. Description: The Simple Online Hotel Reservation System contains a Cross Site Scripting (XSS) issue within the Add Room function. Specifically, entering malicious JavaScript code in...
EUVD-2016-5942
Malware in sbrugna...
EUVD-2023-34103
Malicious code in bioql PyPI...
EUVD-2022-0502
Malicious code in bioql PyPI...
EUVD-2023-45338
Malicious code in bioql PyPI...
Code-Projects Document Management System Security Vulnerability
Code-Projects Document Management System is an open source document management system from Code-Projects. A security vulnerability exists in Code-Projects Document Management System version 1.0, which stems from a failure to filter malicious cross-site scripting code in the Company field when...
CVE-2025-6754
The SEO Metrics plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks in both the seometricshandleconnectbuttonclick AJAX handler and the seometricshandlecustomendpoint function in all versions up to, and including, 1.0.15. Because the AJAX action only...
CVE-2022-41327
A cleartext transmission of sensitive information vulnerability CWE-319 in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in...
CVE-2024-29976
UNSUPPORTED WHEN ASSIGNED: The improper privilege management vulnerability in the command “showallsessions” in Zyxel NAS326 firmware versions before V5.21AAZF.17C0 and NAS542 firmware versions before V5.21ABAG.14C0 could allow an authenticated attacker to obtain a logged-in administrator’s session...