108 matches found
EUVD-2025-28754
Malicious code in bioql PyPI...
CVE-2025-28016
A Reflected Cross-Site Scripting XSS vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the fname, lname, and contact parameters...
CVE-2025-28016
The CVE-2025-28016 entry concerns the PHPGurukul User Registration & Login and User Management System v3.3. A Reflected Cross-Site Scripting (XSS) vulnerability exists in loginsystem/edit-profile.php, allowing remote attackers to execute arbitrary JavaScript via the fname, lname, and contact para...
Employee Record Management System myprofile.php File Cross-Site Scripting Vulnerability
Employee Record Management System is an employee record management system. The Employee Record Management System suffers from a cross-site scripting vulnerability that arises from insufficient filtering of the First name parameter in the /myprofile.php file. An attacker can exploit this...
PHPGurukul Employee Record Management System 代码注入漏洞
Employee Record Management System is an employee record management system. The Employee Record Management System suffers from a cross-site scripting vulnerability that arises from insufficient filtering of the First name parameter in the /myprofile.php file. An attacker can exploit this...
PT-2025-35087
Name of the Vulnerable Software and Affected Versions: PuneethReddyHC Online Shopping System Advanced version 1.0 Description: A reflected Cross-Site Scripting XSS vulnerability exists in the register.php file. Unsanitized user input in the f name parameter is reflected in the server response...
CVE-2025-8811 code-projects Simple Art Gallery registration.php sql injection
A vulnerability, which was classified as critical, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file /Admin/registration.php. The manipulation of the argument fname leads to sql injection. The attack may be launched remotely...
Hospital Management System 安全漏洞
Hospital Management System is a hospital management system by Kishan Lal, an individual developer. A security vulnerability exists in Hospital Management System version v4, which is caused by a cross-site scripting attack due to incorrect manipulation of the parameters fname and lname in the file...
CVE-2025-7605
A vulnerability was found in code-projects AVL Rooms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /profile.php. The manipulation of the argument firstname leads to sql injection. The attack may be launched remotely. The exploit has been...
Code-Projects AVL Rooms 安全漏洞
Code-Projects AVL Rooms is an AVL room system from Code-Projects open source. A security vulnerability exists in Code-Projects AVL Rooms version 1.0, which stems from SQL injection due to incorrect manipulation of the parameter firstname in the file /profile.php...
PT-2025-29463 · Avl Rooms · Avl Rooms
Name of the Vulnerable Software and Affected Versions: AVL Rooms version 1.0 Description: A vulnerability exists in AVL Rooms that may allow for remote exploitation. The issue is related to SQL injection within the /profile.php file, specifically through manipulation of the first name parameter...
itsourcecode Employee Management System 注入漏洞
itsourcecode Employee Management System is itsourcecode open source employee management system. An injection vulnerability exists in itsourcecode Employee Management System version 1.0, which stems from improper handling of the parameter FirstName in the file /admin/editempprofile.php, which can...
CVE-2023-1031
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the settings endpoint and firstname parameter...
Project Worlds Online Lawyer Management System 注入漏洞
Project Worlds Online Lawyer Management System is an online lawyer management system from Project Worlds, Inc. An injection vulnerability exists in Project Worlds Online Lawyer Management System version 1.0, which stems from an incorrect operation of the parameter firstName that can lead to SQL...
Code-Projects Payroll Management System 安全漏洞
Code-Projects Payroll Management System is an open source payroll management system from Code-Projects. A security vulnerability exists in Code-Projects Payroll Management System version 1.0, which stems from an incorrect manipulation of the parameters lname and fname that can lead to SQL injecti...
Serosoft Solutions Academia Student Information System EagleR 跨站脚本漏洞
Serosoft Solutions Academia Student Information System EagleR is a student information system from Serosoft Solutions, India. A security vulnerability exists in Serosoft Solutions Academia Student Information System EagleR v1.0.118, which stems from a stored cross-site scripting vulnerability in...
CVE-2024-33299
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users...
Code-Projects Job Recruitment 代码注入漏洞
Code-Projects Job Recruitment is an open source job portal from Code-Projects. A code injection vulnerability exists in Code-Projects Job Recruitment version 1.0, which originates from a cross-site scripting vulnerability in the fname/lname parameter of the /parse/alledits.php file...
Code-Projects Job Recruitment 注入漏洞
Code-Projects Job Recruitment is a job portal of Code-Projects open source. Code-Projects Job Recruitment version 1.0 suffers from an injection vulnerability, which originates from the parameter fname/lname in the flnupdate function of the file /parse/alledits.php, which can lead to SQL injection...
PHP CRUD 跨站脚本漏洞
PHP CRUD is a PHP-based implementation of add, delete, change and retrieve. A cross-site scripting vulnerability exists in PHP CRUD version 1.0, which stems from a cross-site scripting vulnerability contained in the firstname/middlename/lastname parameters of the /endpoint/update.php file...