210 matches found
PT-2022-16054 · Npm · Jsonwebtoken
Name of the Vulnerable Software and Affected Versions: jsonwebtoken versions = 8.5.1
Description: A high-severity security flaw has been discovered in the jsonwebtoken library, leading to remote code execution (RCE) attacks. The issue arises when a malicious actor can modify the key retrieval...
CVE-2022-4217
The Chained Quiz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'apikey' parameter in versions up to, and including, 1.3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to...
PT-2022-22986 · Abode Systems · Iota All-In-One Security Kit
Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z
Description: The issue arises from format string injection via the wpapsk configuration parameter within the testWifiAP XCMD handler. Specially-crafted configuration valu...
PT-2022-22889 · Wavlink · Wavlink Wn533A8 +4
Name of the Vulnerable Software and Affected Versions: WAVLINK WN572HP3, WAVLINK WN533A8, WAVLINK WN530H4, WAVLINK WN535G3, WAVLINK WN531P3
Description: The issue is related to the login.cgi, which has no filtering on the key parameter, leading to command injection in the /login.shtml page...
PT-2022-22637 · Nhi Card · Nhi Card
Name of the Vulnerable Software and Affected Versions: NHI card (affected versions not specified)
Description: The issue is related to a stack-based buffer overflow vulnerability in the NHI card's web service component. This vulnerability is caused by insufficient validation for the key parameter i...
CVE-2022-33093
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resume_list...
CVE-2022-33093
CVE-2022-33093 affects 74cmsSE v3.5.1, with a SQL injection vulnerability in the /freelance/resume_list endpoint via the key parameter. The root cause is improper validation of external input in that parameter, enabling potentially unauthorized SQL execution and data exposure as described in CNVD...
Pix-Link MiNi Router cross-site scripting vulnerability
Pix-Link MiNi Router 28K.MiniRouter.20190211 is a router from Pix-Link China. Pix-Link MiniRouter 28K.MiniRouter.20190211 suffers from a cross-site scripting vulnerability, which stems from an unhandled security key parameter. An attacker could exploit the vulnerability to execute JavaScript code ...
CVE-2022-0397
The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlistquickview AJAX action's response available to any authenticated user, leading to a Reflected Cross-Site Scripting...
CVE-2022-25013
Ice Hrm 30.0.0.OS was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the "key" and "fm" parameters in the component login.php...
Ice Hrm cross-site scripting vulnerability
Ice Hrm is a human resource management system. Ice Hrm version 30.0.0.OS is vulnerable to a cross-site scripting vulnerability that stems from a lack of checksum filtering of user-supplied data and output data in the key and fm parameters in the component login.php. An attacker could exploit this...
CVE-2021-38325
The User Activation Email WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the /user-activation-email.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.0...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress plugin User Activation Email 1.3 and earlier versions, whic...
Cross-site Scripting (XSS) - Reflected in bigprof-software/online-invoicing-system
Description: Application is vulnerable to XSS through key parameter. Line 85 of membershippasswordReset.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in membershippasswordReset.php at line 85...
The vulnerability of the plus/ajax_street.php component of the 74cms CMS system, related to the lack of protection for SQL query structures, allows attackers to execute arbitrary SQL queries.
The vulnerability of the plus/ajax_street.php component of the 74cms CMS system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries via the key parameter...
CVE-2020-22211
SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php...
PT-2021-15763
Name of the Vulnerable Software and Affected Versions: Thrive Optimize WordPress plugin versions prior to 1.4.13.3; Thrive Comments WordPress plugin versions prior to 1.4.15.3; Thrive Headline Optimizer WordPress plugin versions prior to 1.3.7.3; Thrive Leads WordPress plugin versions prior to 2.3.9...