PT-2025-32624 · WordPress · Software Issue Manager
Name of the Vulnerable Software and Affected Versions: Software Issue Manager plugin for WordPress versions up to and including 5.0.1 Description: The Software Issue Manager plugin for WordPress is susceptible to Stored Cross-Site Scripting through the noaccess msg parameter due to insufficient...
CVE-2025-7951
A vulnerability classified as problematic has been found in code-projects Public Chat Room 1.0. This affects an unknown part of the file /sendmessage.php. The manipulation of the argument chatmsg/yourname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit h...
Code-Projects Public Chat Room Code Injection Vulnerability
Code-Projects Public Chat Room is open source public chat room software from Code-Projects. Code-Projects Public Chat Room version 1.0 suffers from a code injection vulnerability: a cross-site scripting issue caused by manipulation of the chatmsg/yourname parameter in the...
Car Rental System message_admin.php File SQL Injection Vulnerability
Car Rental System is a car rental system. Car Rental System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the message_admin.php file's parameter Message. An attacker can use this vulnerability to execute illegal SQL commands...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the errorMsg parameter in the /xxl-sso-server/login process. An attacker can inject and execute arbitrary scripts in the context of a user's browser by crafting a malicious request. Details: Cross-site...
CVE-2025-6579
A vulnerability was found in code-projects Car Rental System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /message_admin.php. The manipulation of the argument Message leads to sql injection. The attack may be initiated remotely. The exploit has been...
Code-Projects Car Rental System Injection Vulnerability
Car Rental System is a car rental system. Car Rental System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the message_admin.php file's parameter Message. An attacker can use this vulnerability to execute illegal SQL commands...
CVE-2025-6310
A vulnerability, which was classified as critical, has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Message leads to sql injection. The attack may be launched remotely...
code-projects Online Shoe Store Injection Vulnerability
Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Message in the file /contactus1.php. The vulnerability can be exploited by an attacker t...
CVE-2024-22936
Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject arbitrary web script or HTML via the message parameter...
CVE-2024-3469
The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
CVE-2024-8554
A vulnerability was found in SourceCodester Clinics Patient Management System 2.0 and classified as problematic. This issue affects some unknown processing of the file /users.php. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The...
CVE-2023-23158
A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter on the enquiry page...
CVE-2012-1000
Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 and other versions before 1.1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to admins/login/forgot/index.php, or the (2) displayname or (3) email parameter to account/preferences.php...
CVE-2013-5911
Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter...
CVE-2002-2021
Cross-site scripting (XSS) vulnerability in WoltLab Burning Board wbboard 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the message parameter...
CVE-2005-2207
Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter...
CVE-2002-2319
Static code injection vulnerability in users.php in MySimpleNews allows remote attackers to inject arbitrary PHP code and HTML via the (1) LOGIN, (2) DATA, and (3) MESS parameters, which are inserted into news.php3...
CVE-2023-33770
Real Estate Management System v1.0 was discovered to contain a SQL injection vulnerability via the message parameter at /contact.php...
PT-2025-12400 · Simple Machines · Simplemachines Smf
Name of the Vulnerable Software and Affected Versions: SimpleMachines SMF version 2.1.4 Description: A vulnerability was found in SimpleMachines SMF, affecting an unknown part of the file ManageNews.php. The manipulation of the subject/message argument leads to cross-site scripting. It is possibl...