50 matches found
CVE-2026-5332 Xiaopi Panel WAF Firewall demo.php cross site scripting
A vulnerability was identified in Xiaopi Panel 1.0.0. This vulnerability affects unknown code of the file /demo.php of the component WAF Firewall. The manipulation of the argument param leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available...
CVE-2026-2122
A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public...
PT-2026-6940
Name of the Vulnerable Software and Affected Versions Xiaopi Panel versions prior to 20260127 Description A security flaw exists in Xiaopi Panel. The issue impacts an unknown function of the file /demo.php within the WAF Firewall component. Manipulation of the ID argument can lead to SQL injectio...
EUVD-2018-13030
Malware in sbrugna...
Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting Vulnerability
Exploit Title: Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS) Exploit Author: tmrswrr Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: v15.0 POC: 1 Login in demo page, go to this url...
Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)
Exploit Title: Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS) Date: 1/07/2023 Exploit Author: tmrswrr Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: v15.0 POC: 1 Login in demo page, go to this url...
Alkacon OpenCMS 15.0 Cross Site Scripting
Exploit Title: Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting Date: 1/07/2023 Exploit Author: tmrswrr Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version: v15.0 POC: 1 Login in demo page, go to this url...
Open Redirect in blogifierdotnet/blogifier
Description Open redirect at login page due to unchecked "returnUrl" param Proof of Concept 1. Go to demo page link http://demo.blogifier.net/admin/login/?returnUrl=https://google.com 2. Login using demo account and see that you are redirected to google.com Impact This vulnerability is capable of...
Newsbull Haber Script 1.0.0 - search SQL Injection
Newsbull Haber Script 1.0.0 - search SQL Injection Exploit Title: Newsbull Haber Script - SQL Injection Time Based Dork: N/A Date: 28-01-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://newsbull.org/ Software Link: https://github.com/gurkanuzunca/newsbull Version: 1.0.0 Category:...
S-CMS Cross-Site Scripting Vulnerability (CNVD-2018-26677)
S-CMS is a content management system (CMS) based on PHP and MySQL. A cross-site scripting vulnerability exists in the admin/demo.php file in S-CMS version 3.0, which stems from the program's failure to filter the 'Tid' parameter, which can be exploited by remote attackers to inject arbitrary Web...
Cross-Site Scripting (XSS)
marked is vulnerable to cross-site scripting (XSS). The HTML output of the demo page is not sanitized and allows remote attackers to inject arbitrary JavaScript code into a victim's browser...
iScripts SonicBB 1.0 Cross Site Scripting
Exploit Title: iScripts SonicBB 1.0 - Reflected Cross-Site Scripting Date: 02/04/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iscripts.com Demo Page: https://www.demo.iscripts.com/sonicbb/demo/ Version: 1.0 Tested on: Windows 10 Category: Webapps CVE: CVE-2018-9235 1. Description...
Cross-site Scripting (XSS)
MapProxy is vulnerable to cross-site scripting (XSS) attacks. Attackers can use the format and srs parameters in the demo page to inject and execute arbitrary web script...
Reflected Cross-Site Scripting Vulnerability in S-CMS V3.0 build20170808 /admin/demo.asp Page
S-CMS is a corporate website building system developed by Zibo Shining Network Technology Co. A reflective cross-site scripting vulnerability exists in the /admin/demo.asp page in S-CMS V3.0 build20170808. This vulnerability allows an attacker to construct XSS statements and perform pop-up box...
Unauthorized Access Vulnerability in Huatian Power OA8000 System
Huatian Power OA8000 system is a collaborative OA office system. An unauthorized access vulnerability exists in the demo.oa8000.com/OAapp/bfapp/buffalo/hrApplicationFormService page of the Huatian Power OA8000 system. An attacker is allowed to gain access to obtain sensitive information...
LastPass Password Manager exposed with another serious vulnerability: can browser-based password managers still be used? - Vulnerability warning - the black bar safety net
Without password software, we easily forget our passwords; with password software, we "reluctantly" leak all of our passwords. LastPass, the popular password management software, has recently had security vulnerabilities disclosed again. Security personnel found in LastPass Chrome and Firefox 4.1.42 versi...
WordPress Altos Connect Widget Plugin <= 1.3.0 - Cross Site Scripting (XSS)
This plugin is prone to a cross site scripting vulnerability, because "PHPSELF" is printed without sanitization in a captcha demo page. Solution Update the plugin...
Joomla Component Ticketbook Local File Inclusion Vulnerability
No description provided by source. o Joomla Component Ticketbook Local File Inclusion Vulnerability Software : comticketbook version 1.0.1 Vendor : http://www.demo-page.de/ Author :...
Sendy 1.1.8.4 - SQL Injection Vulnerability
No description provided by source. Exploit Title: Sendy SqlInject Date: 2014-02-24 Exploit Author: Hurley Vendor Homepage: http://sendy.co/ Software Link: http://sendy.co/ Version: 1.1.8.4 Demo page:...
Pixie CMS 1.04 Cross Site Scripting
Pixie CMS v1.04 Contact form POST XSS Vulnerabilities Vendor: Pixie CMS Product web page: http://www.getpixie.co.uk Affected version: 1.04 Severity: Medium CVE: CVE-2014-3786 Demo page: http://demo.getpixie.co.uk Discovered by: Filippos Mastrogiannis @filipposmastro & Simone Memoli @Simon90Italy...