PT-2025-27890 · Unknown · Gopiplus Card Flip Image Slideshow

Name of the Vulnerable Software and Affected Versions: gopiplus Card flip image slideshow versions 1.5 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based Cross-site Scripting XSS. This means that an attacker cou...

PT-2025-22123 · WordPress · Order Delivery Date

Name of the Vulnerable Software and Affected Versions: Order Delivery Date WordPress plugin versions prior to 12.4.0 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the plugin does not properly sanitise and escape a parameter before outputting it...

PT-2025-5013 · Mailchimp · Import Users To Mailchimp

Name of the Vulnerable Software and Affected Versions: Import Users to MailChimp versions 1.0 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a we...

PT-2025-5002 · Mercadolibre · Mercadolibre Integration

Name of the Vulnerable Software and Affected Versions: MercadoLibre Integration versions 1.1 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...

PT-2025-4529 · Unknown · Ofek Nakar Virtual Bot

Name of the Vulnerable Software and Affected Versions: Ofek Nakar Virtual Bot versions n/a through 1.0.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can perform actions on behalf of a user without their knowledge,...

PT-2025-3188 · Unknown · Html Forms

Name of the Vulnerable Software and Affected Versions: HTML Forms versions n/a through 1.4.1 Description: The issue is related to improper neutralization of input during web page generation, which allows Reflected XSS. This means that an attacker can inject malicious code into the HTML Forms,...

PT-2024-17825 · Unknown · 1000 Projects Portfolio Management System Mca

Name of the Vulnerable Software and Affected Versions: 1000 Projects Portfolio Management System MCA version 1.0 Description: A critical issue has been found in the 1000 Projects Portfolio Management System MCA, affecting some unknown functionality of the file /update pd process.php. The...

PT-2024-36318 · Unknown · Aphorismus

Name of the Vulnerable Software and Affected Versions: Aphorismus versions 1.2.0 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...

PT-2024-16508 · Unknown · Datatables +1

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal version 2.0 Description: A vulnerability was found in the PHPGurukul Online Shopping Portal, affecting an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit testing/templates/comple...

PT-2024-33570 · Henrique Rodrigues · Safetyforms

Name of the Vulnerable Software and Affected Versions: Henrique Rodrigues SafetyForms versions n/a through 1.0.0 Description: A Cross-Site Request Forgery CSRF issue allows Blind SQL Injection. This means an attacker can trick a user into performing unintended actions on the web application,...

PT-2024-13231 · Realtek · Realtek Rtl819X Jungle Sdk

Name of the Vulnerable Software and Affected Versions: Realtek rtl819x Jungle SDK version 3.4.11 Description: A stack-based buffer overflow vulnerability exists in the boa setRepeaterSsid functionality. This can be triggered by a specially crafted series of network requests, potentially leading t...

PT-2024-25317 · Sourcecodester · Aplaya Beach Resort Online Reservation System

Name of the Vulnerable Software and Affected Versions: SourceCodester Aplaya Beach Resort Online Reservation System version 1.0 Description: A critical issue has been found in the system, affecting an unknown functionality of the file admin/mod users/controller.php?action=add. The manipulation of...

PT-2024-1440 · Kaspersky · Kaspersky Security 8.0 For Linux Mail Server

Name of the Vulnerable Software and Affected Versions: Kaspersky Security 8.0 for Linux Mail Server Description: The issue allows an attacker to potentially force an administrator to click on a malicious link to perform unauthorized actions. This is due to the lack of measures to neutralize speci...

PT-2023-30507 · Unknown · Mahlamusa Who Hit The Page – Hit Counter

Name of the Vulnerable Software and Affected Versions: Mahlamusa Who Hit The Page – Hit Counter versions 1.4.14.3 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injectio...

PT-2023-6133 · Microsoft +1 · Quic +4

Name of the Vulnerable Software and Affected Versions: Microsoft QUIC affected versions not specified Windows affected versions not specified .NET affected versions not specified Visual Studio affected versions not specified Description: The vulnerability is related to insufficient input validati...

PT-2023-31991 · Sourcecodester · Sourcecodester Best Courier Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Best Courier Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown functionality of the file view parcel.php. The manipulation of the id argument leads to sql injection...

PT-2023-32000 · Unknown · Sourcecodester Engineers Online Portal

Name of the Vulnerable Software and Affected Versions: SourceCodester Engineers Online Portal version 1.0 Description: A critical issue has been found in the software, affecting an unknown functionality of the file my classmates.php. The manipulation of the teacher class student id argument leads...

PT-2023-24463 · Unknown · Dcat-Admin

Name of the Vulnerable Software and Affected Versions: Dcat-Admin version 2.1.3-beta Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter. This enables attackers to potentially manipula...

GHSA-5286-F2RF-35C2 Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views

Impact A stored cross-site scripting XSS vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform...

CVE-2023-28836 Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views

Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting XSS vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for th...