142 matches found
CVE-2025-1213 pihome-shc PiHome index.php cross site scripting
A vulnerability was found in pihome-shc PiHome 1.77. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument $SERVER'PHPSELF' leads to cross site scripting. The attack may be launched remotely. The exploit has...
CVE-2024-13074 PHPGurukul Land Record System index.php cross site scripting
A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
PHPGurukul Land Record System 安全漏洞
PHPGurukul Land Record System is a land management system from PHPGurukul. A security vulnerability exists in PHPGurukul Land Record System version 1.0, which stems from the parameter searchdata in the file /index.php that leads to cross-site scripting...
CVE-2024-13038
CVE-2024-13038 affects CodeAstro Simple Loan Management System v1.0, specifically the Login module’s /index.php. The vulnerability arises from manipulating the email parameter, causing SQL injection. It is exploitable remotely, and public exploits are disclosed. Multiple sources corroborate the i...
CVE-2024-12232 code-projects Simple CRUD Functionality index.php cross site scripting
A vulnerability has been found in code-projects Simple CRUD Functionality 1.0 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument newtitle/newdescr leads to cross site scripting. The attack can be initiated remotely. The...
CVE-2024-9085
A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument date leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2024-8294 FeehiCMS index.php update unrestricted upload
A vulnerability, which was classified as critical, was found in FeehiCMS up to 2.1.1. This affects the function update of the file /admin/index.php?r=friendly-link%2Fupdate. The manipulation of the argument FriendlyLinkimage leads to unrestricted upload. It is possible to initiate the attack...
CVE-2024-5636 itsourcecode Bakery Online Ordering System index.php sql injection
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file report/index.php. The manipulation of the argument procduct leads to sql injection. The attack may be launched remotely. The...
CVE-2024-4818
A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been...
CVE-2024-3525 Campcodes Online Event Management System index.php cross site scripting
A vulnerability, which was classified as problematic, was found in Campcodes Online Event Management System 1.0. Affected is an unknown function of the file /views/index.php. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The...
PT-2024-18460 · Unknown · Sourcecodester Online Learning System V2
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Learning System V2 version 1.0 Description: A problematic issue was found in the software, affecting an unknown function of the file /index.php. The manipulation of the page argument leads to cross-site scripting. It is...
CVE-2023-48208
A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, pluginsmsapikey, pluginsmscountrycode, uuid, title, or country name parameter to index.php...
I-doit pro Cross-Site Scripting Vulnerability
i-doit is a configuration management database software from i-doit Inc. A security vulnerability exists in I-doit pro 25 and prior versions that stems from vulnerability to cross-site scripting XSS attacks via index.php...
CVE-2023-40753
There is a Cross Site Scripting XSS vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2...
phpRecDB 跨站脚本漏洞
phpRecDB is a free php script from phpRecDB Inc. It is used to create a real-time record collection website. A cross-site scripting vulnerability exists in phpRecDB version 1.3.1, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter r/view of the fi...
CVE-2023-36309
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Document Creator v1.0...
PT-2023-25528 · Phpjabbers · Phpjabbers Callback Widget
Name of the Vulnerable Software and Affected Versions: PHPJabbers Callback Widget version 1.0 Description: There is a Cross Site Scripting XSS issue in the value-enum-o bf include timezone parameter of index.php. This allows for potential malicious script execution. Recommendations: For PHPJabber...
CVE-2023-3564
A vulnerability was found in GZ Scripts GZ Multi Hotel Booking System 1.8. It has been classified as problematic. Affected is an unknown function of the file /index.php. The manipulation of the argument adults/children/calid leads to cross site scripting. It is possible to launch the attack...
PT-2023-24927 · Unknown · Sourcecodester Shopping Website
Name of the Vulnerable Software and Affected Versions: SourceCodester Shopping Website version 1.0 Description: A critical issue has been found, affecting an unknown function of the file index.php. The manipulation of the username argument leads to sql injection, allowing remote attacks. The...
YFCMF 安全漏洞
YFCMF is a software application. It provides a lightweight enterprise website management system. A security vulnerability exists in YFCMF before 3.0.4, which stems from unknown code in index.php that causes path traversal...