19 matches found
CVE-2026-6996
A weakness has been identified in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This affects an unknown function of the component rmon event Tab. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched remotely. The exploit has been made availab...
CVE-2026-6996
CVE-2026-6996 affects BDCOM P3310D firmware 0.4.2/10.1.0F Build 86345. The vulnerability is in an unknown function of the rmon event Tab where manipulating the Description argument can trigger cross-site scripting. Exploitation may be remote; public exploit code exists. Vendor did not respond. Th...
CVE-2026-4972
A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btnfunctions.php. Such manipulation of the argument Description leads to cross site scripting. The attack may be...
CVE-2026-4972
A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btnfunctions.php. Such manipulation of the argument Description leads to cross site scripting. The attack may be...
CVE-2026-4530
A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminologyretriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The exploit has been...
CVE-2026-4626
A vulnerability has been found in projectworlds Lawyer Management System 1.0. This impacts an unknown function of the file /lawyerbooking.php. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the...
EUVD-2026-14262
A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminologyretriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The exploit has been...
CVE-2025-11283
CVE-2025-11283 affects Frappe LMS 2.35.0, specifically the Course Handler component. The vulnerability arises from manipulation of the Description argument in Course Handler, enabling cross-site scripting (XSS) via a remote attack. Public disclosures exist detailing the exploit. The recommended r...
EUVD-2025-25432
Malicious code in bioql PyPI...
CVE-2025-9655
A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /x_organization_assemble_control/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be launched...
CVE-2025-9655
CVE-2025-9655 affects O2OA up to version 10.0-410, specifically the Personal Profile Page component. The issue arises from manipulating the Description argument in the /x_organization_assemble_control/jaxrs/person/ file, enabling cross-site scripting. Exploitation can be performed remotely. Vendo...
CVE-2025-5153
A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The...
PT-2025-3953 · Unknown · Campcodes School Management
Name of the Vulnerable Software and Affected Versions: CampCodes School Management Software version 1.0 Description: A problematic vulnerability was found in the Photo Gallery Page component of the software, specifically in an unknown function of the file /photo-gallery. The manipulation of the...
CVE-2024-2135 Bdtask Hospita AutoManager Hospital Activities Page form cross site scripting
A vulnerability was found in Bdtask Hospita AutoManager up to 20240223 and classified as problematic. This issue affects some unknown processing of the file /hospitalactivities/birth/form of the component Hospital Activities Page. The manipulation of the argument Description with the input leads ...
PT-2024-15896 · Unknown · Hongmaple Octopus
Name of the Vulnerable Software and Affected Versions: hongmaple octopus version 1.0 Description: A vulnerability was found in hongmaple octopus, affecting an unknown functionality. The manipulation of the argument description with the input alertdocument.cookie leads to cross-site scripting. The...
CVE-2023-7215
A vulnerability, which was classified as problematic, has been found in Chanzhaoyu chatgpt-web 2.11.1. This issue affects some unknown processing. The manipulation of the argument Description with the input leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
CVE-2023-7215
CVE-2023-7215 affects Chanzhaoyu chatgpt-web version 2.11.1. The vulnerability is a cross-site scripting flaw triggered by manipulating the Description argument with the input "". Exploitation is remote and the vulnerability has been publicly disclosed. Affected component is the input handling fo...
PT-2024-15235 · Unknown · Chanzhaoyu Chatgpt-Web
Name of the Vulnerable Software and Affected Versions: Chanzhaoyu chatgpt-web version 2.11.1 Description: A problematic issue has been found in the software, affecting some unknown processing. The manipulation of the argument Description with the input leads to cross-site scripting. The attack ma...
PT-2022-27697 · Unknown · Django-Openipam
Name of the Vulnerable Software and Affected Versions: django-openipam affected versions not specified Description: A problematic vulnerability has been found in django-openipam, affecting an unknown part of the file openipam/report/templates/report/exposed hosts.html. The manipulation of the...