CVE-2025-65877
Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 2025-09-22 is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentServicefindPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements,...
educhoices.org XSS vulnerability
Vulnerable URL: http://educhoices.org/find/textlookup.html

Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 1068702
VIP website status:| No

Coordinated Disclosure Timeline:

Description| Value
---|---
Vulnerability...
carprices.com XSS vulnerability
Vulnerable URL: http://www.carprices.com/find/105+';";;---- OmniGooch --;'+dist ASC+Xz4?id=blank

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 27.10.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 1115114
VIP website status:| No...
torrents.net XSS vulnerability
Vulnerable URL: http://www.torrents.net/find/a+brilliant/=1prompt/XSSPOSED/...
Respondly: Find, private notes Cross-site scripting.
Hi. When I go to the find page and insert a private note, with as content : img src='x' onerror='alert4' it will execute directly. As preview : 1. http://prntscr.com/3axvz5 2. http://prntscr.com/3axw3k Best regards, Olivier Beg...