374 matches found
CVE-2025-9939
CodeAstro Real Estate Management System 1.0 is affected by a cross-site scripting (XSS) vulnerability in an unknown function of /propertyview.php where manipulation of the msg parameter enables remote exploitation. Multiple sources confirm the issue and that the exploit has been publicly disclose...
CodeAstro Real Estate Management System 代码注入漏洞
CodeAstro Real Estate Management System is a real estate management system from CodeAstro. A code injection vulnerability exists in CodeAstro Real Estate Management System version 1.0, which stems from improper manipulation of the parameter msg in the file /propertyview.php, which could lead to a...
CVE-2025-9473
A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. This impacts an unknown function of the file /feedback.php. The manipulation of the argument msg leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly an...
SourceCodester Online Bank Management System 安全漏洞
SourceCodester Online Bank Management System is a SourceCodester open source online bank management system. A security vulnerability exists in SourceCodester Online Bank Management System version 1.0, which is caused by a SQL injection attack due to incorrect manipulation of the parameter msg in...
PT-2025-34741
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Bank Management System version 1.0 Description: A security issue exists in SourceCodester Online Bank Management System 1.0. The vulnerability is located in the /feedback.php file, within an unknown function. Manipulatio...
CVE-2025-57765
Vulnerability summary (CVE-2025-57765): WeGIA, a web manager for charitable institutions, had a reflected XSS in the pre_cadastro_adotante.php endpoint. The attack vector is the msg_e parameter, where an attacker could inject malicious scripts that run in a user’s browser. This affects versions p...
CVE-2025-57765 WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'pre_cadastro_adotante.php' parameter 'msg_e'
WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, a Reflected Cross-Site Scripting XSS vulnerability was identified in the precadastroadotante.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msge parameter. This...
CVE-2025-57765 WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'pre_cadastro_adotante.php' parameter 'msg_e'
WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, a Reflected Cross-Site Scripting XSS vulnerability was identified in the precadastroadotante.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msge parameter. This...
CVE-2025-57764 WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'cargos.php' parameter 'msg_e'
WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, a Reflected Cross-Site Scripting XSS vulnerability was identified in the cargos.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msge parameter. This vulnerability is...
CVE-2025-57764 WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'cargos.php' parameter 'msg_e'
WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, a Reflected Cross-Site Scripting XSS vulnerability was identified in the cargos.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msge parameter. This vulnerability is...
Beauty Parlour Management System book-appointment.php File SQL Injection Vulnerability
Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally entered SQL statements in t...
CVE-2025-9024
A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been...
CVE-2025-9024
A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been...
CVE-2025-9024
A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been...
CVE-2025-9024
CVE-2025-9024 affects PHPGurukul Beauty Parlour Management System v1.1, specifically the /book-appointment.php file. The vulnerability is an SQL injection in the Message parameter, exploitable remotely with a disclosed exploit. Multiple sources confirm impact to the database (data exposure/altera...
CVE-2025-9024 PHPGurukul Beauty Parlour Management System book-appointment.php sql injection
A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been...
PT-2025-33469 · Phpgurukul · Phpgurukul Beauty Parlour Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Beauty Parlour Management System version 1.1 Description: A SQL injection issue exists in PHPGurukul Beauty Parlour Management System 1.1, specifically within the /book-appointment.php file. The Message parameter is susceptible to...
PHPGurukul Beauty Parlour Management System 注入漏洞
Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally entered SQL statements in t...
CVE-2025-8314 Software Issue Manager <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter
The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccessmsg parameter in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-8314 Software Issue Manager <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter
The Software Issue Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccessmsg parameter in all versions up to, and including, 5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...