370 matches found
CVE-2021-40969
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the firstname parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the firstname parameter...
CVE-2021-40969
Removed by vendor...
TikTok: HTML Injection on tiktoktutorials via firstName parameter
HTML injection was found in tiktoktutorials endpoint which could have potentially allowed attackers to modify the content of the email and trick users into visiting malicious sites. We thank @siratsami for reporting this to our team...
Listeo < 1.6.11 - Multiple XSS & XFS vulnerabilities
The theme did not properly sanitise some parameters in its Search, Booking Confirmation and Personal Message pages, leading to Cross-Site Scripting issues - Unauthenticated Reflected XSS | Search query, vulnerable parameters: keywordsearch and locationsearch - Authenticated Persistent XSS & XFS |...
CVE-2021-27320
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the firstname parameter...
Sql injection
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the firstname parameter...
Doctor Appointment System 1.0 Blind SQL Injection Vulnerability
Exploit Title: Doctor Appointment System 1.0 Blind SQL injection in email parameter CVE: CVE-2021-27319 Exploit Author: Nakul Ratti Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html Software Link:...
Mail.ru: Stored XSS on the "Mail" page [city-mobil.ru/taxiserv]
Stored XSS on city-mobil.ru/taxiserv mail page via firstname and lastname of driver...
Mail.ru: Stored XSS on the "Edit client" page, "History" tab [city-mobil.ru/taxiserv]
Stored XSS on city-mobil.ru/taxiserv driver page via firstname and lastname of driver...
PT-2020-14079 · Global Radar · Global Radar Bsa Radar
Name of the Vulnerable Software and Affected Versions: Global RADAR BSA Radar versions 1.6.7234.24750 and earlier. Description: The issue concerns stored cross-site scripting (XSS) via the Update User Profile feature. Specifically, the Firstname and Lastname parameters are vulnerable. Recommendation...
Mail.ru: HTTP-Response-Splitting leads to information disclosure (email, firstname, lastname) at https://tz.mail.ru
CRLF injection via GET parameters in tz.mail.ru. Client-side vulnerabilities in tz.mail.ru are not currently covered by the Bug Bounty program...
osTicket 1.12 Cross Site Scripting
Exploit Title: osTicket-v1.12 Stored XSS Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiyer Category: webapps CVE: CVE-2019-14750 1. Description An issue was...
PHP Scripts Mall Entrepreneur B2B Script Cross-Site Scripting Vulnerability
PHP Scripts Mall Entrepreneur B2B Script is a suite of B2B e-commerce platforms from PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall Entrepreneur B2B Script version 3.0.6, which can be exploited by a remote attacker to inject arbitrary web script or HTML vi...
CVE-2018-9283
An XSS issue was discovered in CremeCRM 1.6.12. It is affected by 10 stored Cross-Site Scripting (XSS) vulnerabilities in the firstname, lastname, billingaddress-address, billingaddress-zipcode, billingaddress-city, billingaddress-department, shippingaddress-address, shippingaddress-zipcode,...
Cross site scripting
An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billingaddress-address, billingaddress-zipcode, billingaddress-city, billingaddress-department, shippingaddress-address,...