Lucene search
+L

1030 matches found

CVE
CVE
added 2026/06/05 2:30 p.m.28 views

CVE-2026-11335

The CVE-2026-11335 affects the tittuvarghese CollegeManagementSystem (login-form.php) where the session_start function can be manipulated via UserAuthData, enabling remote session fixation. The flaw is exploitable without user privileges and is evidenced by published exploits; the project reporte...

7.5CVSS6.2AI score0.00232EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/05 2:30 p.m.10 views

CVE-2026-11335 tittuvarghese CollegeManagementSystem login-form.php session_start session fixiation

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function sessionstart of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation...

7.5CVSS6.2AI score0.00232EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/05 2:30 p.m.8 views

CVE-2026-11335

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function sessionstart of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiation...

7.5CVSS6.2AI score0.00232EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.9 views

CollegeManagementSystem 授权问题漏洞

CollegeManagementSystem is a comprehensive management system for college students and academic administration, developed by Tittu Varghese. There are authorization issues in CollegeManagementSystem; these issues stem from improper handling of the UserAuthData parameter in the sessionstart functio...

7.5CVSS6.4AI score0.00232EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.20 views

PT-2026-46961

A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function session start of the file /login-form.php. Executing a manipulation of the argument UserAuthData can lead to session fixiatio...

7.5CVSS6.2AI score0.00232EPSS
Exploits0References7
NVD
NVD
added 2026/05/28 9:16 a.m.15 views

CVE-2024-47097

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...

5.1CVSS0.00319EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 9:16 a.m.13 views

CVE-2024-47096

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the showSupportExpiredMessage parameter of handleloginform.do...

5.1CVSS0.00319EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 8:25 a.m.24 views

CVE-2024-47096

CVE-2024-47096 is a reflected cross-site scripting vulnerability in Follet School Solutions Destiny prior to v22.0.1 AU1. The issue allows a remote attacker to execute arbitrary client-side code via the showSupportExpiredMessage parameter of handleloginform.do. According to the NVD entry, the CVS...

5.1CVSS6AI score0.00319EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.15 views

Follet School Solutions Destiny 安全漏洞

Follet School Solutions Destiny is a school solution provided by Follet Corporation. Versions of Follet School Solutions Destiny prior to 22.0.1 AU1 contained security vulnerabilities. These vulnerabilities stemmed from a cross-site scripting vulnerability in the showSupportExpiredMessage paramet...

5.1CVSS5.9AI score0.00319EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.26 views

PT-2026-44213

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...

5.1CVSS6AI score0.00319EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/26 11:16 a.m.16 views

CVE-2026-9520

A flaw was found in blitz-js blitz. A remote attacker can exploit this vulnerability by manipulating the 'Next' argument within the 'LoginForm.tsx' component. This manipulation leads to cross-site scripting XSS, which allows the attacker to inject malicious scripts into web pages viewed by other...

5.3CVSS5.4AI score0.00336EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 1:30 a.m.14 views

EUVD-2026-31781

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

5.3CVSS4.2AI score0.00336EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/26 1:30 a.m.10 views

CVE-2026-9520 blitz-js blitz Sign-in LoginForm.tsx cross site scripting

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

5.3CVSS4.2AI score0.00336EPSS
Exploits0References4
CVE
CVE
added 2026/05/26 1:30 a.m.40 views

CVE-2026-9520

Product/affected software : blitz-js blitz (up to 3.0.2). Vulnerable component/file : packages/generator/templates/app/src/app/auth/components/LoginForm.tsx in the Sign-in module. Root cause : argument manipulation in Next leads to cross-site scripting. Impact : cross-site scripting vulnerability...

5.3CVSS4.2AI score0.00336EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/26 1:30 a.m.7 views

CVE-2026-9520

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

5.3CVSS4.2AI score0.00336EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/26 1:30 a.m.45 views

CVE-2026-9520 blitz-js blitz Sign-in LoginForm.tsx cross site scripting

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

5.3CVSS0.00336EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.16 views

PT-2026-43177

A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...

5.3CVSS4.2AI score0.00336EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/08 11:24 a.m.11 views

CVE-2026-3318 Multiple vulnerabilities in Cradle e-commerce

Open redirection vulnerability in the latest demo version of the Cradle eCommerce platform. The vulnerability occurs in the login form endpoint, where the ‘returnUrl’ parameter allows redirection because the web application accepts a URL as a parameter without properly validating it. As a result,...

5.3CVSS5.8AI score0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 11:24 a.m.38 views

CVE-2026-3318 Multiple vulnerabilities in Cradle e-commerce

Open redirection vulnerability in the latest demo version of the Cradle eCommerce platform. The vulnerability occurs in the login form endpoint, where the ‘returnUrl’ parameter allows redirection because the web application accepts a URL as a parameter without properly validating it. As a result,...

5.3CVSS0.00339EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 11:24 a.m.25 views

CVE-2026-3318

The CVE-2026-3318 entry documents an open redirection in the Cradle eCommerce platform (latest demo version) affecting the login form endpoint. The vulnerability arises because the returnUrl parameter accepts a URL without proper validation, enabling an attacker to redirect users from a legitimat...

5.3CVSS5.8AI score0.00339EPSS
Exploits0References1
Rows per page
Query Builder