31 matches found
CVE-2026-2714
The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2026-24636
The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-2714
The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-2714 Institute Management <= 5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Enquiry Form Title' Setting
The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-2714 Institute Management <= 5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Enquiry Form Title' Setting
The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-2714
The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2026-2714
CVE-2026-2714 affects the Institute Management plugin for WordPress (up to version 5.5). The vulnerability is a stored cross-site scripting issue in the Enquiry Form Title setting caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at Administ...
PT-2026-34271
The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin Institute Management 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. In versions...
EUVD-2024-33383
Malicious code in bioql PyPI...
CVE-2024-10764
A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/saveuser.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...
CVE-2024-10765
A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument oldimage leads to unrestricted upload. The attack can be initiated remotely. The exploit ha...
CVE-2024-10993
A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /managewebsite.php. The manipulation of the argument websiteimage leads to unrestricted upload. It is possible to launch the attack remotely...
CVE-2024-10994
The CVE-2024-10994 entry refers to Codezips Online Institute Management System 1.0. Affected is the /edit_user.php functionality where manipulating the image parameter enables unrestricted file upload. This remote attack is publicly disclosed and can lead to high-impact outcomes (as reflected in ...
CVE-2024-10994 Codezips Online Institute Management System edit_user.php unrestricted upload
A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edituser.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched...
CVE-2024-10993
Codezips Online Institute Management System 1.0 is affected by CVE-2024-10993 due to an issue in the website_image parameter of /manage_website.php, which allows unrestricted upload. The vulnerability enables remote exploitation and the exploit has been disclosed publicly. Technical details acros...
CVE-2024-10993 Codezips Online Institute Management System manage_website.php unrestricted upload
A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /managewebsite.php. The manipulation of the argument websiteimage leads to unrestricted upload. It is possible to launch the attack remotely...
CVE-2024-10993 Codezips Online Institute Management System manage_website.php unrestricted upload
A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /managewebsite.php. The manipulation of the argument websiteimage leads to unrestricted upload. It is possible to launch the attack remotely...
Codezips Online Institute Management System 安全漏洞
Codezips Online Institute Management System is an open source online institute management system from Codezips. A security vulnerability exists in Codezips Online Institute Management System version 1.0, which stems from the parameter image in the file /edituser.php that can lead to unrestricted...
CVE-2024-10764
A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/saveuser.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...