1010 matches found
CVE-2026-3318
Open redirection vulnerability in the latest demo version of the Cradle eCommerce platform. The vulnerability occurs in the login form endpoint, where the ‘returnUrl’ parameter allows redirection because the web application accepts a URL as a parameter without properly validating it. As a result,...
CVE-2026-4025
The PrivateContent Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'align' shortcode attribute in the pc-login-form shortcode in all versions up to, and including, 1.2.0. This is due to insufficient input sanitization and output escaping on the 'align' attribute...
CVE-2024-47097
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...
CVE-2026-11335
A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function sessionstart of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation...
CVE-2026-11335 tittuvarghese CollegeManagementSystem login-form.php session_start session fixiation
A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function sessionstart of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation...
CVE-2026-11335
The CVE-2026-11335 affects the tittuvarghese CollegeManagementSystem (login-form.php) where the session_start function can be manipulated via UserAuthData, enabling remote session fixation. The flaw is exploitable without user privileges and is evidenced by published exploits; the project reporte...
CVE-2026-11335 tittuvarghese CollegeManagementSystem login-form.php session_start session fixiation
A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function sessionstart of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation...
CVE-2026-11335
A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function sessionstart of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation...
Timesheet Next Gen <=1.5.3 - Cross-Site Scripting
Timesheet Next Gen 1.5.3 and earlier is vulnerable to cross-site scripting that allows an attacker to execute arbitrary HTML and JavaScript code via a "redirect" parameter. The component is: Web login form: login.php, lines 40 and 54. The attack vector is: reflected XSS, victim may click the...
PT-2026-46961
A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function session start of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiatio...
CVE-2024-47097
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...
CVE-2024-47096
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the showSupportExpiredMessage parameter of handleloginform.do...
CVE-2024-47096
CVE-2024-47096 is a reflected cross-site scripting vulnerability in Follet School Solutions Destiny prior to v22.0.1 AU1. The issue allows a remote attacker to execute arbitrary client-side code via the showSupportExpiredMessage parameter of handleloginform.do. According to the NVD entry, the CVS...
Follet School Solutions Destiny 安全漏洞
Follet School Solutions Destiny is a school solution provided by Follet Corporation. Versions of Follet School Solutions Destiny prior to 22.0.1 AU1 contained security vulnerabilities. These vulnerabilities stemmed from a cross-site scripting vulnerability in the showSupportExpiredMessage paramet...
PT-2026-44213
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...
CVE-2026-9520
A flaw was found in blitz-js blitz. A remote attacker can exploit this vulnerability by manipulating the 'Next' argument within the 'LoginForm.tsx' component. This manipulation leads to cross-site scripting XSS, which allows the attacker to inject malicious scripts into web pages viewed by other...
CVE-2026-9520
A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...
CVE-2026-9520 blitz-js blitz Sign-in LoginForm.tsx cross site scripting
A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...
CVE-2026-9520 blitz-js blitz Sign-in LoginForm.tsx cross site scripting
A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...
CVE-2026-9520
Product/affected software : blitz-js blitz (up to 3.0.2). Vulnerable component/file : packages/generator/templates/app/src/app/auth/components/LoginForm.tsx in the Sign-in module. Root cause : argument manipulation in Next leads to cross-site scripting. Impact : cross-site scripting vulnerability...