CVE-2025-69241

Raytha CMS is affected by CVE-2025-69241, a Stored XSS in the profile editing flow via FirstName/LastName. An authenticated attacker can inject HTML/JS that executes when the edited page is viewed. The issue has been fixed in version 1.4.6. The CVSSv4 metrics indicate a Medium impact (base score ...

CVE-2026-3171 SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System queue.php cross site scripting

A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /queue.php. This manipulation of the argument firstname/lastname causes cross site scripting. The attack is possible to b...

CVE-2026-3171

A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /queue.php. This manipulation of the argument firstname/lastname causes cross site scripting. The attack is possible to b...

Simple Responsive Tourism Website 代码注入漏洞

Simple Responsive Tourism Website is a simple responsive tourism website. Version 1.0 of Simple Responsive Tourism Website has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameters firstname, lastname, and username in the...

CVE-2025-11421

A flaw has been found in code-projects Voting System 1.0. The affected element is an unknown function of the file /admin/candidatesedit.php. This manipulation of the argument Firstname/Lastname/Platform causes cross site scripting. Remote exploitation of the attack is possible. The exploit has be...

CVE-2025-11512

A vulnerability was found in code-projects Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/votersadd.php. The manipulation of the argument Firstname/Lastname/Platform results in cross site scripting. The attack can be executed remotely. The exploit has...

CVE-2025-11421

A flaw has been found in code-projects Voting System 1.0. The affected element is an unknown function of the file /admin/candidatesedit.php. This manipulation of the argument Firstname/Lastname/Platform causes cross site scripting. Remote exploitation of the attack is possible. The exploit has be...

CVE-2025-11421 code-projects Voting System candidates_edit.php cross site scripting

A flaw has been found in code-projects Voting System 1.0. The affected element is an unknown function of the file /admin/candidatesedit.php. This manipulation of the argument Firstname/Lastname/Platform causes cross site scripting. Remote exploitation of the attack is possible. The exploit has be...

Code-Projects Voting System 代码注入漏洞

Code-Projects Voting System is a Code-Projects open source election system. A code injection vulnerability exists in Code-Projects Voting System version 1.0, which stems from incorrect manipulation of the parameters Firstname/Lastname/Platform in the file /admin/candidatesedit.php, which could le...

CVE-2025-7840

A vulnerability was found in Campcodes Online Movie Theater Seat Reservation System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=reserve of the component Reserve Your Seat Page. The manipulation of the argument Firstname/Lastname leads to...

CampCodes Online Movie Theater Seat Reservation System 代码注入漏洞

CampCodes Online Movie Theater Seat Reservation System is an online movie theater seat reservation system from CampCodes Philippines, Inc. A code injection vulnerability exists in version 1.0 of the Campcodes Online Movie Theater Seat Reservation System, which originates from cross-site scripting...

Wazifa System search_resualts.php file cross-site scripting vulnerability

Wazifa System is a content management system. Wazifa System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the firstname/lastname parameter of the searchresualts.php file, which can be exploited to execute...

CVE-2024-53481

A Cross Site Scripting XSS vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters...

CVE-2024-54922

A SQL Injection was found in /admin/edituser.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters...

CVE-2024-50836

A Stored Cross-Site Scripting XSS vulnerability was found in /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and lastname parameters...

CVE-2024-0504

A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file addreserve.php of the component Make a Reservation Page. The manipulation of the argument Firstname/Lastname with the input...

CVE-2023-5283 SourceCodester Engineers Online Portal teacher_signup.php sql injection

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file teachersignup.php. The manipulation of the argument firstname/lastname leads to sql injection. The attack may be initiated remotely. The...

PT-2022-9025 · Unknown · Dwc Network Server Emulator

Name of the Vulnerable Software and Affected Versions: barronwaffles dwc network server emulator affected versions not specified Description: A critical issue has been found in the dwc network server emulator, affecting the update profile function in the file gamespy/gs database.py. The...

CVE-2022-43097

Phpgurukul User Registration & User Management System v3.0 was discovered to contain multiple stored cross-site scripting XSS vulnerabilities via the firstname and lastname parameters of the registration form & login pages...

Mail.ru: Stored XSS на странице "Почты" [city-mobil.ru/taxiserv]

Stored XSS on city-mobil.ru/taxiserv mail page via firstname and lastname of driver...