354 matches found
weimai-wetapp SQL注入漏洞
Weimai-Wetapp is a movie ticket purchasing mini-program and backend management system developed by MO-KE individuals. Weimai-Wetapp has a SQL injection vulnerability, which stems from incorrect handling of the keyword parameter in the getAdmins function of the...
CVE-2019-25445
Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript...
CVE-2019-25445
Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript...
CVE-2019-25445
Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript...
CVE-2019-25445 Fiverr Clone Script 1.2.2 Cross-Site Scripting via search-results.php
Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript...
CVE-2019-25445
Fiverr Clone Script 1.2.2 contains a cross-site scripting (XSS) vulnerability in the keyword parameter of search-results.php. Unauthenticated attackers can craft URLs with script tags in the keyword parameter to execute arbitrary JavaScript in users’ browsers. CVSS data provided: CVSS v4.0 base s...
CVE-2019-25445 Fiverr Clone Script 1.2.2 Cross-Site Scripting via search-results.php
Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript...
Phpscriptsmall Fiverr Clone Script 跨站脚本漏洞
Phpscriptsmall Fiverr Clone Script is a set of software scripts developed by Phpscriptsmall. The Phpscriptsmall Fiverr Clone Script 1.2.2 version contains a cross-site scripting vulnerability. This vulnerability stems from the keyword parameter being susceptible to cross-site scripting attacks,...
PT-2026-21284
Fiverr Clone Script 1.2.2 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft URLs with script tags in the keyword parameter of search-results.php to execute arbitrary JavaScript...
JeecgBoot SQL注入漏洞
JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. JeecgBoot versions 3.9.1 and earlier contain an SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter “keyword” in the...
CVE-2026-1931
The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.32.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to...
WordPress Rent Fetch plugin <= 0.32.4 - Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter vulnerability
Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter vulnerability discovered by WordFence in WordPress Plugin Rent Fetch versions = 0.32.6...
CVE-2026-1931
The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.32.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to...
CVE-2026-1931
The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.32.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to...
CVE-2026-1931 Rent Fetch <= 0.32.4 - Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter
The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.32.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to...
CVE-2026-1931
The affected software is the Rent Fetch plugin for WordPress. The CVE describes a Stored Cross‑Site Scripting flaw via the keyword parameter in all versions up to 0.32.4 caused by insufficient input sanitization and output escaping on user-supplied attributes. Unauthenticated attackers can inject...
CVE-2026-1931 Rent Fetch <= 0.32.4 - Unauthenticated Stored Cross-Site Scripting via 'keyword' Parameter
The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.32.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to...
PT-2026-20292
Name of the Vulnerable Software and Affected Versions Rent Fetch plugin for WordPress versions up to and including 0.32.4 Description The Rent Fetch plugin for WordPress is susceptible to Stored Cross-Site Scripting through the keyword parameter. This is due to inadequate input sanitization and...
PT-2026-5957
Name of the Vulnerable Software and Affected Versions TOTOLINK A950RG version 4.1.2cu.5204 B20210112 Description A buffer overflow issue exists in the setParentalRules interface. The urlKeyword parameter does not undergo proper validation. The system concatenates multiple user-supplied values int...
CVE-2025-67189
CVE-2025-67189 affects TOTOLINK A950RG, specifically the setParentalRules interface where the urlKeyword parameter is not properly validated. The vulnerability arises from concatenating multiple user-supplied fields into a fixed-size stack buffer without boundary checks, enabling a remote attacke...