428 matches found
NextCloud Server path traversal vulnerability
NextCloud Server is an open-source NextCloud server program developed by NextCloud. Versions of NextCloud Server from 31.0.0 to 31.0.14 and from 32.0.0 to 32.0.4 contained a path traversal vulnerability. This vulnerability occurred when the lang parameter was used in template directory...
CVE-2018-25379
Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...
CVE-2018-25379 Collectric CMU 1.0 SQL Injection via lang Parameter
Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...
CVE-2018-25379
CVE-2018-25379 affects Collectric CMU 1.0 and describes a boolean-based blind SQL injection in the login flow through the lang parameter. The vulnerability allows unauthenticated attackers to influence database queries during authentication, enabling extraction of sensitive data via time-based bl...
Collectric CMU SQL injection vulnerability
The Collectric CMU is a smart meter device from Collectric in the Netherlands that supports power metering with supporting communication extensions. A SQL injection vulnerability exists in Collectric CMU version 1.0, which stems from the presence of Boolean-based blind SQL injection in the lang...
PT-2026-43231
Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated attackers to manipulate database queries during authentication. Attackers can inject SQL code through the lang parameter in login requests to extract sensitive informati...
CVE-2026-6439
The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videozen_conf function. The 'lang' POST parameter is stored directly via update_option without any...
EUVD-2026-23399
The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videozen_conf function. The 'lang' POST parameter is stored directly via update_option without any...
CVE-2026-6439
The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videozen_conf function. The 'lang' POST parameter is stored directly via update_option without any...
CVE-2026-6439
The CVE-2026-6439 entry concerns the VideoZen WordPress plugin (versions up to 1.0.1). The vulnerability is a Stored Cross-Site Scripting flaw in the videozen_conf() function where the 'lang' POST parameter is stored via update_option() without sanitization and later echoed inside a without prop...
PT-2026-33430
Name of the Vulnerable Software and Affected Versions: VideoZen versions prior to 1.0.2. Description: The VideoZen plugin for WordPress contains a Stored Cross-Site Scripting issue caused by insufficient input sanitization and output escaping in the videozen_conf function. The lang POST parameter is...
Omega-PSIR Cross Site Scripting
Omega-PSIR suffers from a cross site scripting vulnerability via the lang parameter. CVE-2026-1434: Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a... Overview | Field | Details | |---|---| | CVE ID | CVE-2026-1434 | | Severity | MEDIUM | | Advisory | N/A...
Exploit for Cross-site Scripting in Pw Omega-Psir
CVE-2026-1434: Omega-PSIR is vulnerable to Reflected XSS via t...
CVE-2026-1434
Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7...
EUVD-2026-9021
Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7...
CVE-2026-1434
Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7...
CVE-2026-1434 Reflected XSS in Omega-PSIR
Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7...
CVE-2026-1434
Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7...
CVE-2026-1434 Reflected XSS in Omega-PSIR
Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7...
Omega-PSIR cross-site scripting vulnerability
Omega-PSIR is a comprehensive scientific information management system operated by Politechnika Warszawska. Omega-PSIR has a cross-site scripting vulnerability, which stems from the reflective cross-site scripting present in the lang parameter. This vulnerability could allow attackers to execute...