19 matches found
WordPress plugin LatePoint cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-7296
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...
CVE-2026-7296 SourceCodester Pizzafy Ecommerce System ajax.php save_order cross site scripting
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...
PortSwigger Web Security: HTML Injection in DAST Trial Request Form Confirmation Email – PortSwigger
A vulnerability was discovered in the DAST trial request form on the website, where user input in the "First Name" field was not properly sanitized before being included in confirmation emails. This allowed the injection of arbitrary HTML content, which would be rendered in the recipient's email...
CVE-2026-2154
A vulnerability was identified in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Impacted is an unknown function of the file /registration.php of the component Patient Registration Module. The manipulation of the argument First Name leads to cross site scripting...
Exploit for Cross-site Scripting in Oretnom23 Banking_System
Description 1. CVE-2025-14221 2. Discoverer: Fatma Trabelsi 3...
CVE-2025-41106
HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consists of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter 'firstname' in '/clients/savecontact/'...
CVE-2025-11410
A flaw has been found in Campcodes Advanced Online Voting Management System 1.0. This affects an unknown function of the file /admin/votersadd.php. Executing manipulation of the argument firstname can lead to SQL injection. The attack can be executed remotely. The exploit has been published and m...
CVE-2025-11333
A vulnerability was identified in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. This impacts an unknown function of the file /customeraddaction.php of the component Add Customer Page. The manipulation of the argument First Name leads to cross site scripting...
EUVD-2020-23004
Malware in sbrugna...
CVE-2025-11333
A vulnerability was identified in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. This impacts an unknown function of the file /customeraddaction.php of the component Add Customer Page. The manipulation of the argument First Name leads to cross site scripting...
CVE-2025-51971
CVE-2025-51971 affects PuneethReddyHC Online Shopping System Advanced 1.0. A reflected XSS exists in register.php due to unsanitized input in the f_name parameter being reflected in the response, allowing remote JavaScript injection. Impact is reflected, client-side HTML encoding/output escaping ...
CVE-2024-31064
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field...
CVE-2024-31064
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field...
CVE-2024-31064
CVE-2024-31064 affects Insurance Mangement System (version 1.0.0 and earlier). The vulnerability is a Cross Site Scripting (XSS) flaw in the First Name input field that enables a remote attacker to execute arbitrary code. The root cause is unsanitized input in the First Name field leading to scri...
CVE-2024-31064
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field...
PT-2024-16132 · Sourcecodester · Sourcecodester Facebook News Feed Like
Name of the Vulnerable Software and Affected Versions: SourceCodester Facebook News Feed Like version 1.0 Description: A problematic issue has been found, affecting the New Account Handler component. The manipulation of the First Name/Last Name argument with the input alert1 leads to cross-site...
PT-2024-15426 · Unknown · Project Worlds Online Lawyer Management System
Name of the Vulnerable Software and Affected Versions: Project Worlds Online Lawyer Management System version 1.0 Description: A vulnerability has been found in the User Registration component of the system. The manipulation of the First Name argument leads to cross-site scripting. It is possible...
PT-2022-22980 · Unknown · Sourcecodester Simple Cold Storage Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Cold Storage Management System version 1.0 Description: A vulnerability was found in the My Account component, where the manipulation of the First Name argument leads to cross-site scripting. The attack can be launched...