7210 matches found
CVE-2022-28521
CVE-2022-28521 affects ZCMS v20170206 (thinkphp-zcms). The vulnerability is a file inclusion flaw in index.php?m=home&c=home&a=sp_set_config that can lead to arbitrary code execution. Several sources (NVD, CNVD/CNNVD, Red Hat, PRION) corroborate the file inclusion risk; exploitation status is not...
CVE-2022-28521
ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config...
CVE-2021-37293
A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php...
SQL injection
An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the inputid POST parameter in index.php...
Directory traversal
A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php...
CVE-2021-37293
A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php...
Cross site request forgery (CSRF)
qdPM 9.2 allows Cross-Site Request Forgery (CSRF) via the index.php/myAccount/update URI...
CVE-2022-26180
CVE-2022-26180 describes a CSRF vulnerability in qdPM 9.2 that can be exploited via the index.php/myAccount/update URI due to a lack of CSRF token validation. Impact is high (C/H/I/A = High) with a CVSS 3.1 base score of 8.8; basic user interaction is required (per the NVD entry). Exploitation details ...
CVE-2022-28002
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home...
Cross site scripting
A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in (1) admin/config and (2) index.php pages...
Cross-site Scripting (XSS)
phpLiteAdmin is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of input via the index.php newRows parameter (aka num or number)...
Sourcecodester Student Attendance Management System cross-site scripting vulnerability
Sourcecodester Student Attendance Management System is an attendance management system used to maintain daily attendance records. A cross-site scripting vulnerability exists in Sourcecodester Student Attendance Management System version 1.0. The vulnerability stems from a lack of data validation...
Cross-Site Scripting (XSS)
nilsteampassnet/teampass is vulnerable to reflected cross-site scripting. The vulnerability exists in index.php due to improper sanitization which allows an attacker to inject and execute arbitrary scripts...
CVE-2021-45866
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the couse field in index.php...
CVE-2021-45866
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the couse field in index.php...
Cross site scripting
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the couse field in index.php...
CVE-2021-45866
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the couse field in index.php...
GHSA-M2WV-M5PF-284R Cross-site Scripting in teampass
Teampass 2.1.26 allows reflected XSS via the index.php PATHINFO. Someone must open a link for the Teampass Password Manager index page containing a malicious payload...
Cross-site Scripting in teampass
Teampass 2.1.26 allows reflected XSS via the index.php PATHINFO. Someone must open a link for the Teampass Password Manager index page containing a malicious payload...
CVE-2022-26980
Teampass 2.1.26 allows reflected XSS via the index.php PATHINFO...