89 matches found
CVE-2025-67734
Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to an XSS attack. The script could then be executed i...
CVE-2025-67734 Frappe Authenticated Users can Execute JavaScript through its Job Form
Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to an XSS attack. The script could then be executed i...
EUVD-2025-203120
Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to an XSS attack. The script could then be executed i...
CVE-2025-67734 Frappe Authenticated Users can Execute JavaScript through its Job Form
Frappe Learning Management System LMS is a learning system that helps users structure their content. Versions prior to 2.42.0 allowed authenticated attackers to enter JavaScript through the Company Website field of the Job Form, exposing users to an XSS attack. The script could then be executed i...
CVE-2025-67734
CVE-2025-67734 affects Frappe Learning Management System (LMS) prior to version 2.42.0. The vulnerability arises from the Company Website field in the Job Form, where an authenticated attacker can inject JavaScript, leading to a cross-site scripting (XSS) attack that executes in the browsers of u...
Frappe Learning Management System Cross-Site Scripting Vulnerability
Frappe Learning Management System is an easy-to-use open source learning management system from Frappe Open Source. A cross-site scripting vulnerability exists in Frappe Learning Management System versions prior to 2.42.0, which stems from the Company Website field in a Job Form that can be...
PT-2025-50968
Name of the Vulnerable Software and Affected Versions: Frappe Learning Management System LMS versions prior to 2.42.0. Description: Frappe Learning Management System LMS allows authenticated attackers to inject JavaScript code through the Company Website field within the Job Form. This can lead to a...
CVE-2025-13561 SourceCodester Company Website CMS index.php sql injection
A vulnerability was determined in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown code of the file /admin/index.php. This manipulation of the argument Username causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed a...
CVE-2025-13561 SourceCodester Company Website CMS index.php sql injection
A vulnerability was determined in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown code of the file /admin/index.php. This manipulation of the argument Username causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed a...
CVE-2025-13560 SourceCodester Company Website CMS reset-password.php sql injection
A vulnerability was found in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...
CVE-2025-13560
CVE-2025-13560 affects SourceCodester Company Website CMS 1.0. The vulnerability is a SQL injection in the /admin/reset-password.php file triggered by manipulating the email parameter, with remote exploitable conditions and a publicly released exploit. Multiple sources (NVD/Red Hat/CVE records) a...
SourceCodester Company Website CMS SQL Injection Vulnerability
SourceCodester Company Website CMS is a SourceCodester open source content management system. A SQL injection vulnerability exists in SourceCodester Company Website CMS version 1.0, which originates from the incorrect operation of the parameter email in the file /admin/reset-password.php, which m...
SourceCodester Company Website CMS SQL Injection Vulnerability
SourceCodester Company Website CMS is a SourceCodester open source content management system. A SQL injection vulnerability exists in SourceCodester Company Website CMS version 1.0, which originates from the incorrect operation of the parameter Username in the file /admin/index.php, which may lea...
PT-2025-47852
Name of the Vulnerable Software and Affected Versions: SourceCodester Company Website CMS version 1.0. Description: A SQL injection issue exists due to the manipulation of the email argument in the '/admin/reset-password.php' file. This allows for remote attacks. The exploit has been publicly...
EUVD-2007-1803
Malware in sbrugna...
EUVD-2022-35007
Malicious code in bioql PyPI...
EUVD-2025-19493
Malicious code in bioql PyPI...
EUVD-2025-19491
Malicious code in bioql PyPI...
CVE-2025-6873
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Company Website 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely...
CVE-2025-6871
A vulnerability classified as critical has been found in SourceCodester Simple Company Website 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...