17 matches found
CVE-2025-10651
The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ordermail' setting in versions up to, and including, 2.11.22. This is due to insufficient sanitization on the ordermail field and a lack of escaping on output. This makes it possible for authenticate...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office OA system. Tongda OA 2017 11.9 and earlier versions have a SQL injection vulnerability originating in the file pda/pad/email/delete.php...
CVE-2023-2386
A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function of the file scgi-bin/platform.cgi?page=firewalllogsemail.htm of the component Web Management Interface. The manipulation of the argument smtpServer.toAddr leads to cross site...
CVE-2020-36071
SQL injection vulnerability found in Tailor Management System v.1 allows a remote authenticated attacker to execute arbitrary code via the customer parameter of the email.php page...
PT-2023-11801 · Unknown · Tailoring Management System
Name of the Vulnerable Software and Affected Versions: Tailor Management System version 1 Description: A SQL injection issue allows a remote authenticated attacker to execute arbitrary code via the customer parameter of the "email.php" page. This enables the attacker to potentially access and...
CVE-2022-27545
BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page...
Withdrawn Advisory: Magento 2 Community Edition XSS Vulnerability
Withdrawn Advisory This advisory has been withdrawn because the vulnerability does not affect a package in one of the GitHub Advisory Database's supported ecosystems. This link is maintained to preserve external references. Original Description In Magento prior to 1.9.4.3 and Magento prior to...
PT-2021-20539 · Unknown · Solar-Log 200 +2
Name of the Vulnerable Software and Affected Versions: Solar-Log 500 versions prior to 2.8.2 Build 52 23.04.2013 Solar-Log 200 versions prior to 3.0.0-60 11.10.2013 Solar-Log 1000 versions prior to 3.0.0-60 11.10.2013 Description: An issue was discovered in the affected software where cleartext...
Rencontre < 3.2 - Authenticated Stored XSS via textmail & textanniv Parameters
An authenticated persistent cross-site scripting vulnerability has been found in the web interface of the plugin that allows arbitrary HTML/script code to be executed in the victim's browser when they visit the web site. Affected Version Version: alert'XSS'// Encoded-Payload:...
HealthNode Hospital Management System 1.0 - SQL Injection
Exploit Title: HealthNode Hospital Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://sunriseservices.biz/ Software Link: https://codecanyon.net/item/healthnode-hospital-management-system/22368747 Version: 1.0 Category: Webapps...
SquirrelMail Cross-Site Scripting Vulnerability (CNVD-2019-19610)
SquirrelMail is a cross-platform webmail system developed in PHP4. A cross-site scripting vulnerability exists in the email message display page of SquirrelMail 1.4.22 and earlier versions, which can be exploited by remote attackers to inject malicious scripts into a web page and...
pr-inside.com XSS vulnerability
Open Bug Bounty ID: OBB-633469

Description | Value
---|---
Affected Website: | pr-inside.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
hospitalistjobs.com XSS vulnerability
Vulnerable URL: http://www.hospitalistjobs.com/EmailJobSelfHJ.asp?OpeningSentence=East%20Coast%20Florida%20%E2%80%93%20Daytona%20Beach/Orlando%20Area=3914Hosp=3046=1"...
livesupport.blibli.com XSS vulnerability
Vulnerable URL: https://livesupport.blibli.com/email/offline-mail.jsp?workgroup=prompt'OPENBUGBOUNTY'...
MantisBT Multiple Local File Include and Cross Site Scripting Vulnerabilities
This host is running MantisBT and is prone to multiple local file include and cross-site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmantismultlfinxssvuln.nasl 7044 2017-09-01 11:50:59Z teissa $ MantisBT Multiple Local File Include and Cross Site Scripting Vulnerabilities...
CVE-2010-2013
Cross-site scripting (XSS) vulnerability in cp/editemail.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
Unfixed XSS vulnerability at www.add.org.uk
Security researcher Mystick submitted on 27/10/2008 a cross-site scripting (XSS) vulnerability affecting www.add.org.uk, which at the time of submission ranked 3342628 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/09/2009. It is current...