15793 matches found
CVE-2024-48704
Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes...
PHPGurukul Old Age Home Management System security vulnerability
PHPGurukul Old Age Home Management System is a nursing home management system from PHPGurukul. A security vulnerability exists in PHPGurukul Old Age Home Management System version v1.0, which originates from HTML injection in the searchdata parameter...
CVE-2024-48702
PHPGurukul Old Age Home Management System v1.0 is affected by HTML Injection through the searchdata parameter. The root cause is improper handling/escaping of input in the searchdata field, enabling injection of HTML content. Impact in documents indicates low to moderate risk for information disc...
PT-2025-22804 · Unknown · Phpgurukul Medical Card Generation System
Name of the Vulnerable Software and Affected Versions: Phpgurukul Medical Card Generation System version 1.0 Description: The issue is related to HTML Injection in the admin/contactus.php file via the pagedes parameter. This allows for potential malicious code injection. Recommendations: For...
CVE-2024-48704
CVE-2024-48704 affects Phpgurukul Medical Card Generation System v1.0. The issue is an HTML injection in admin/contactus.php via the pagedes parameter, caused by insufficient input filtering/escaping. Potential for injecting Web script/HTML (per CNVD/CNNVD entries); no exploit details provided in...
PT-2025-22803 · Unknown · Phpgurukul Old Age Home Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Old Age Home Management System version 1.0 Description: The issue concerns HTML Injection via the searchdata parameter. This allows for potential malicious code injection into the system. Recommendations: For PHPGurukul Old Age Hom...
CVE-2024-48702
PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter...
CVE-2022-42115
Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's Label text field...
CVE-2022-43185
A stored cross-site scripting (XSS) vulnerability in the Configuration/Holidays module of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter...
CVE-2022-42112
A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted paylo...
CVE-2022-2099
The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles...
CVE-2022-1074
A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input HTML Injection in the WiFi settings of the dashboard leads to html injection...
CVE-2022-40434
Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page...
CVE-2022-39270
DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled categories and have sufficient trust level - configured in component's settings are able to inject arbitrary HTML on that topic's page. The issue has been fixed on th...
CVE-2022-36527
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module...
CVE-2022-22293
admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAINMAXDECIMALSTOT parameter...
CVE-2022-36057
Discourse-Chat is an asynchronous messaging plugin for the Discourse open-source discussion platform. Users of Discourse Chat can be affected by admin users inserting HTML into chat titles and descriptions, causing a Cross-Site Scripting (XSS) attack. Version 0.9 contains a patch for this issue...
CVE-2022-32442
u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When a user accesses the default home page if the parameter passed in is http://127.0.0.1/? "Onmouseover=%27tzgl 96502%27bad=", it can cause html injection...