371 matches found
School Club Application System Cross-Site Scripting Vulnerability
School Club Application System is a school club application system by Carlo Montero Personal Developer. A security vulnerability exists in School Club Application System version 0.1, which originates from a stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/applicationform&id=7. A...
GHSA-CV24-VH45-4HJM Foxlor cross-site scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allow attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields...
CVE-2022-30842
Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname...
CVE-2022-30460
Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname...
CVE-2022-30462
Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname...
Simple Social Networking Site Cross-Site Scripting Vulnerability
Simple Social Networking Site is a social networking site by Carlo Montero Personal Developer. A security vulnerability exists in version 1.0 of Simple Social Networking Site, which originates from a stored cross-site scripting (XSS) attack via /sns/classes/Users.php?f=save, firstname...
GHSA-HQ29-VQG6-PJPW Liferay Portal Vulnerable to XSS in Profile Search Functionality
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay Portal Search Web before 1.0.3 from Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field...
SuiteCRM Remote Code Execution Vulnerability
SuiteCRM is a customer relationship management system from the Suitecrm team. A remote code execution vulnerability exists in SuiteCRM version v7.11.23, which originates from a failure of a networked system or product to properly filter specific elements of externally entered data during the...
CVE-2022-27474
SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field...
Remote code execution
SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field...
CVE-2022-27474
SuiteCRM v7.11.23 is affected by CVE-2022-27474, enabling remote code execution via a crafted payload injected into the FirstName field. The issue originates from improper handling/validation of externally entered data within a code path that builds a code segment, allowing an attacker to execute...
SuiteCRM Security Vulnerability
SuiteCRM is a customer relationship management system from the Suitecrm team. A remote code execution vulnerability exists in SuiteCRM version v7.11.23, which originates from a failure of a networked system or product to properly filter specific elements of externally entered data during the...
Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File
Description: Formula Injection/CSV Injection in "Firstname" & "Lastname" due to Improper Neutralization of Formula Elements in CSV File. Proof of Concept: 1. Go to Preferences from the user account and in Personal info of "Firstname" & "Lastname" insert the below payloads. 2. Payloads:-...
CVE-2022-23873
Victor CMS v1.0 was discovered to contain a SQL injection vulnerability that allows attackers to inject arbitrary commands via the 'userfirstname' parameter...