CVE-2024-28521

SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter of the /singlelogin.php component...

CVE-2024-25167

Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post...

CVE-2024-28521

SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter of the /singlelogin.php component...

CVE-2024-28521

SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter of the /singlelogin.php component...

CVE-2024-27756

GLPI through 10.0.12 allows CSV injection by an attacker who is able to create an asset with a crafted title...

GLPI Security Vulnerabilities

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

CVE-2024-25501

An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a crafted script to the email parameter...

Code injection

An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a crafted script to the email parameter...

CVE-2023-51281

Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters...

Cross site scripting

Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters...

CVE-2023-51281

CVE-2023-51281 affects the Customer Support System v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw that allows a remote attacker to escalate privileges via crafted inputs for fields such as firstname, lastname, middlename, contact, and address. Affected component details and exact ro...

CVE-2023-51281

Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters...

CVE-2023-51281

Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, "lastname", "middlename", "contact" and address parameters...

BIT-LUA-2021-43519

Stack overflow in luaresume of ldo.c in Lua Interpreter 5.1.05.4.4 allows attackers to perform a Denial of Service via a crafted script file...

BIT-LIMESURVEY-2023-44796

Cross Site Scripting XSS vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the generaloptionspanel.php component...

CVE-2024-25167

CVE-2024-25167 affects the eblog v1.0 project. A cross-site scripting (XSS) flaw exists in the description parameter of the comment submission endpoint, allowing a remote attacker to execute arbitrary code. Affected component: the comment submission path handling the description field. Impact: ar...

CVE-2024-26476

An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereqform.php component...

Design/Logic Flaw

An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereqform.php component...

CVE-2024-26476

OpenEMR prior to 7.0.2 is affected by CVE-2024-26476. A remote attacker can escalate privileges by sending a crafted script to the formid parameter in ereq_form.php. The Red Hat and OSV entries confirm the same issue in OpenEMR’s ereq_form.php formid handling, implying a privilege escalation vuln...

CVE-2024-26476

An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereqform.php component...