191 matches found
Cross site scripting
A reflected cross-site scripting XSS vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'...
PT-2023-26655 · Unknown · Php-Login-System
Name of the Vulnerable Software and Affected Versions: PHP-Login-System version 2.0.1 Description: A reflected cross-site scripting XSS issue allows remote attackers to execute arbitrary JavaScript in a user's web browser. This is achieved by including a malicious payload into the selector...
CVE-2023-38876
CVE-2023-38876 describes a reflected XSS in msaad1999’s PHP-Login-System 2.0.1. The vulnerability is triggered by a malicious payload in the selector parameter of the /reset-password endpoint, allowing remote attackers to execute arbitrary JavaScript in a user’s browser. The available sources con...
CVE-2023-38875
Affected software : msaad1999's PHP-Login-System 2.0.1. Vulnerability : Reflected cross-site scripting (XSS) caused by unsanitized input in the 'validator' parameter of /reset-password. Impact : remote attackers can execute arbitrary JavaScript in a user’s browser, potentially stealing cookies or...
CVE-2023-38876
A reflected cross-site scripting XSS vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'...
CVE-2023-38876
A reflected cross-site scripting XSS vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'...
CVE-2023-38875
A reflected cross-site scripting XSS vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'validator' parameter in '/reset-password'...
PT-2023-26654
Name of the Vulnerable Software and Affected Versions msaad1999's PHP-Login-System version 2.0.1 Description A reflected cross-site scripting XSS issue allows remote attackers to execute arbitrary JavaScript in the web browser of a user. This is achieved by including a malicious payload into the...
PHP-Login-System Cross-Site Scripting Vulnerability
PHP-Login-System is a web application. A security vulnerability exists in PHP-Login-System version 2.0.1, which stems from a vulnerability that allows a remote attacker to execute arbitrary JavaScript - passwords in a user's web browser by including a malicious load in the validator parameter in...
PHP-Login-System Cross-Site Scripting Vulnerability
PHP-Login-System is a web application. A security vulnerability exists in PHP-Login-System version 2.0.1. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in a user's web browser...
CVE-2023-38876
A reflected cross-site scripting XSS vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'...
CVE-2023-38875
A reflected cross-site scripting XSS vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'validator' parameter in '/reset-password'...
CVE-2023-33591
User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /admin/search-result.php...
CVE-2023-33591
User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /admin/search-result.php...
CVE-2023-33591
User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /admin/search-result.php...
GeoVision Camera GV-ADR2701 - Authentication Bypass Vulnerability
Exploit Title: GeoVision Camera GV-ADR2701 - Authentication Bypass Device name: GV-ADR2701 Exploit Author: Chan Nyein Wai Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Firmware Version: V1.0020171215 Tested on: windows 10 Exploitation...
horus 安全漏洞
horus is a Pyramid Web framework user registration and login system open-sourced by Pylons Project. A security vulnerability exists in Pylons horus. An attacker exploited the vulnerability to cause an observable time discrepancy...
CVE-2022-39229
A flaw was found in the Grafana web application. When a user logs into the system, either the username or email address can be used. However, the login system allows both a username and connected email to be registered, which could allow an attacker to prevent a user which has an associated email...
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel SQL Injection Vulnerability
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel is a user registration and login system with an administrative panel from EGavilan Media. EGavilan Media User-Registration -and-Login-System-With-Admin-Panel version 1.0 contains a SQL injection vulnerability, which stems from...
CVE-2021-44096
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profileaction - updateuser. This allows a remote attacker to compromise Application SQL database...