
15798 matches found

CVE
added 2025/04/30 12:00 a.m. · 56 views

CVE-2025-45011

CVE-2025-45011: HTML Injection vulnerability in PHPGurukul Park Ticketing Management System v2.0’s /foreigner-search.php (parameter: searchdata). Root cause: improper handling of searchdata input leading to HTML injection and potential code execution. Affected component: foreigner-search.php in ...

CVSS 5.3 · AI score 7.8 · EPSS 0.00283
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/04/30 12:00 a.m. · 4 views

PT-2025-18258 · Ctrlx Os · Ctrlx Os

Name of the Vulnerable Software and Affected Versions: ctrlX OS (affected versions not specified)
Description: A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrar...

CVSS 6.3 · AI score 6.8 · EPSS 0.00281
Exploits: 0 · References: 6

CVE
added 2025/04/30 12:00 a.m. · 57 views

CVE-2025-45010

CVE-2025-45010 affects PHPGurukul Park Ticketing Management System v2.0 in the normal-bwdates-reports-details.php endpoint. The issue is HTML injection via the POST parameters fromdate and todate, enabling potential arbitrary code execution. No official fix/version is documented in the provided s...

CVSS 5.3 · AI score 7.8 · EPSS 0.00283
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/04/30 12:00 a.m. · 2 views

PT-2025-18281 · Unknown · Phpgurukul Park Ticketing Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Park Ticketing Management System version 2.0
Description: An HTML Injection issue was discovered in the normal-search.php file, allowing remote attackers to execute arbitrary code via the searchdata parameter. This enables attackers...

CVSS 5.3 · AI score 7.7 · EPSS 0.00283
Exploits: 1 · References: 3

CVE
added 2025/04/30 12:00 a.m. · 54 views

CVE-2025-45009

CVE-2025-45009 affects PHPGurukul Park Ticketing Management System v2.0. The vulnerability is HTML Injection in normal-search.php via the searchdata parameter, enabling remote attacker-controlled HTML output and potential code execution. Root cause: mishandling of the searchdata input. Impact per...

CVSS 5.3 · AI score 8.1 · EPSS 0.00283
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2025/04/30 12:00 a.m. · 2 views

PHPGurukul Park Ticketing Management System Security Vulnerability

Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System suffers from an HTML injection vulnerability that stems from improper handling of the fromdate and todate parameters in the normal-bwdates-reports-details.php file. No details of the...

CVSS 5.3 · AI score 7.1 · EPSS 0.00283
Exploits: 1 · References: 1

Cvelist
added 2025/04/30 12:00 a.m. · 12 views

CVE-2025-45009

An HTML Injection vulnerability was discovered in the normal-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata parameter...

EPSS 0.00283
Exploits: 1 · References: 1

Positive Technologies
added 2025/04/30 12:00 a.m. · 3 views

PT-2025-18282 · Unknown · Phpgurukul Park Ticketing Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Park Ticketing Management System version 2.0
Description: An HTML Injection issue was discovered in the normal-bwdates-reports-details.php file. This issue allows remote attackers to execute arbitrary code via the fromdate and todat...

CVSS 5.3 · AI score 7.5 · EPSS 0.00283
Exploits: 1 · References: 4

Positive Technologies
added 2025/04/30 12:00 a.m. · 3 views

PT-2025-18283 · Unknown · Phpgurukul Park Ticketing Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Park Ticketing Management System version 2.0
Description: An HTML Injection issue was discovered in the foreigner-search.php file, allowing remote attackers to execute arbitrary code via the searchdata POST request parameter in the...

CVSS 5.3 · AI score 7.8 · EPSS 0.00283
Exploits: 1 · References: 4

CNNVD
added 2025/04/30 12:00 a.m. · 4 views

Bosch Rexroth ctrlX OS Security Vulnerability

Bosch Rexroth ctrlX OS is a Linux-based real-time operating system from Bosch Rexroth, Germany, designed as an open control platform for industrial automation equipment. A security vulnerability exists in Bosch Rexroth ctrlX OS that stems from mishandling of error notification messages, which cou...

CVSS 6.3 · AI score 6.6 · EPSS 0.00281
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/30 12:00 a.m. · 8 views

CVE-2025-45011

An HTML Injection vulnerability was discovered in the foreigner-search.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the searchdata POST request parameter...

AI score 8.1 · EPSS 0.00283
Exploits: 1 · References: 1

OSV
added 2025/04/28 9:15 p.m. · 2 views

CVE-2024-11922

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email...

CVSS 5.4 · AI score 5.9 · EPSS 0.00182
Exploits: 0 · References: 1

Cvelist
added 2025/04/28 8:57 p.m. · 22 views

CVE-2024-11922 Input Validation vulnerability in Web Client emails that do not go through Secure Mail

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email...

CVSS 6.3 · EPSS 0.00182
Exploits: 0 · References: 1

RedhatCVE
added 2025/04/26 5:12 a.m. · 6 views

CVE-2025-28102

A cross-site scripting (XSS) vulnerability in flaskBlog v2.6.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the postContent parameter at /createpost...

CVSS 6.1 · AI score 5.8 · EPSS 0.00205
Exploits: 1 · References: 1

RedhatCVE
added 2025/04/26 12:07 a.m. · 7 views

CVE-2025-32960

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...

CVSS 6.4 · AI score 6.8 · EPSS 0.00262
Exploits: 0 · References: 1

OSV
added 2025/04/22 6:15 p.m. · 3 views

CVE-2023-43378

A cross-site scripting (XSS) vulnerability in Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento11 parameter...

CVSS 6.1 · AI score 5.7
Exploits: 0 · References: 1

CVE
added 2025/04/22 12:00 a.m. · 84 views

CVE-2023-43378

CVE-2023-43378 corresponds to an XSS vulnerability in Hoteldruid v3.0.5, exploitable via a crafted payload in the commento1_1 parameter. The CVE entry indicates attackers can execute arbitrary web scripts or HTML in victims’ browsers. The associated metrics show a CVSS v3.1 base score of 6.1 (MED...

CVSS 6.1 · AI score 5.9 · EPSS 0.00278
Exploits: 1 · References: 1 · Affected Software: 1

Veracode
added 2025/04/21 3:53 a.m. · 7 views

HTML Injection

verbb/formie is vulnerable to HTML injection. The vulnerability is due to insufficient sanitization of HTML content in the email notification preview feature, which allows an attacker to inject malicious HTML content into the email notification preview...

CVSS 5.4 · AI score 7.2 · EPSS 0.00182
Exploits: 0 · References: 3 · Affected Software: 1

Snyk
added 2025/04/19 3:30 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the manipulation of the Homepage Content argument in the system setting handler. An attacker can alter the display of web pages or redirect users to malicious websites by injecting arbitrary web script o...

CVSS 4.8 · AI score 5.2 · EPSS 0.00278
Exploits: 0 · References: 3

OSV
added 2025/04/18 5:15 p.m. · 5 views

CVE-2024-41447

A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the author parameter under the Create/Modify article function...

CVSS 5.4 · AI score 5.4
Exploits: 0 · References: 1