CVE-2025-69241 Stored XSS in Raytha CMS

Raytha CMS is vulnerable to Stored XSS via FirstName and LastName parameters in profile editing functionality. Authenticated attacker can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in version 1.4.6...

PT-2026-5927

Name of the Vulnerable Software and Affected Versions NICE Chat affected versions not specified Description An HTML injection issue exists in NICE Chat. The issue allows an attacker to inject and display arbitrary HTML content within email transcripts. This is achieved by manipulating the firstNa...

CVE-2023-49548

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customersupport/ajax.php?action=saveuser...

CVE-2021-27318

Cross Site Scripting XSS vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter...

CVE-2025-11512 code-projects Voting System voters_add.php cross site scripting

A vulnerability was found in code-projects Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/votersadd.php. The manipulation of the argument Firstname/Lastname/Platform results in cross site scripting. The attack can be executed remotely. The exploit has...

EUVD-2021-33479

Malicious code in bioql PyPI...

EUVD-2022-15880

Malicious code in bioql PyPI...

EUVD-2025-28863

Malicious code in bioql PyPI...

CVE-2025-28016

A Reflected Cross-Site Scripting XSS vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to execute arbitrary JavaScript code via the fname, lname, and contact parameters...

CVE-2025-9759 Campcodes/SourceCodester Courier Management System ajax.php signup sql injection

A security flaw has been discovered in Campcodes/SourceCodester Courier Management System 1.0. Affected by this issue is the function Signup of the file /ajax.php. Performing manipulation of the argument lastname results in sql injection. It is possible to initiate the attack remotely. The exploi...

CampCodes Courier Management System 安全漏洞

CampCodes Courier Management System is a courier management system from CampCodes Philippines. A security vulnerability exists in CampCodes Courier Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter lastname in file/ajax.php...

PT-2025-35473

Name of the Vulnerable Software and Affected Versions: RemoteClinic versions up to 2.0 Description: A flaw has been found in RemoteClinic that affects unknown code within the /staff/edit.php file. Manipulation of the Last Name argument can lead to cross-site scripting. The attack can be launched...

CVE-2025-9503

A security vulnerability has been detected in Campcodes Online Loan Management System 1.0. Affected is an unknown function of the file /ajax.php?action=saveborrower. The manipulation of the argument lastname leads to sql injection. Remote exploitation of the attack is possible. The exploit has be...

CVE-2025-9503 Campcodes Online Loan Management System ajax.php sql injection

A security vulnerability has been detected in Campcodes Online Loan Management System 1.0. Affected is an unknown function of the file /ajax.php?action=saveborrower. The manipulation of the argument lastname leads to sql injection. Remote exploitation of the attack is possible. The exploit has be...

CVE-2025-9503 Campcodes Online Loan Management System ajax.php sql injection

A security vulnerability has been detected in Campcodes Online Loan Management System 1.0. Affected is an unknown function of the file /ajax.php?action=saveborrower. The manipulation of the argument lastname leads to sql injection. Remote exploitation of the attack is possible. The exploit has be...

Campcodes Online Loan Management System 安全漏洞

CampCodes Online Loan Management System is an online loan management system from CampCodes Philippines, Inc. A security vulnerability exists in Campcodes Online Loan Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter lastname in...

PT-2025-34823

Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0 Description: A security issue has been identified in Campcodes Online Loan Management System 1.0. The manipulation of the lastname argument in an unknown function of the file...

Patient Record Management System edit_xpatient.php File SQL Injection Vulnerability

Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter lastname in the file /editxpatient.php. An attacker...

Code-Projects Patient Record Management System 注入漏洞

Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter lastname in the file /editxpatient.php. An attacker...

Patient Record Management System edit_rpatient.php.php file SQL injection vulnerability

Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in parameter id/lastname in file /editrpatient.php.php. An attacker...