374 matches found

CNNVD
added 2025/02/23 12:0 a.m. · 2 views

Code-Projects Blood Bank System code injection vulnerability

Code-Projects Blood Bank System is a Code-Projects open source blood bank management system. A code injection vulnerability exists in Code-Projects Blood Bank System version 1.0, which stems from a cross-site scripting attack due to an incorrect manipulation of the parameter message...

5.4 CVSS · 4.8 AI score · 0.00125 EPSS
Exploits 1 · References 6
OSV
added 2025/02/17 5:15 a.m. · 2 views

CVE-2025-0924

The WP Activity Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 5.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

6.1 CVSS · 6 AI score · 0.0845 EPSS
Exploits 0 · References 5
CNNVD
added 2025/02/17 12:0 a.m. · 2 views

WordPress plugin WP Activity Log cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

7.2 CVSS · 7.6 AI score · 0.0845 EPSS
Exploits 0 · References 6
Positive Technologies
added 2025/01/30 12:0 a.m. · 2 views

PT-2025-2676 · Quorum · Quorum Onq Os

Name of the Vulnerable Software and Affected Versions: Quorum onQ OS version 6.0.0.5.2064 Description: The issue allows a remote attacker to obtain sensitive information via the msg parameter in the "Login page" API endpoint. This is a Cross Site Scripting vulnerability. Recommendations: For Quor...

6.1 CVSS · 6.4 AI score · 0.00371 EPSS
Exploits 2 · References 6
Positive Technologies
added 2025/01/17 12:0 a.m. · 2 views

PT-2025-2172 · WordPress · Wp Inventory Manager

Name of the Vulnerable Software and Affected Versions: WP Inventory Manager plugin for WordPress versions up to, and including, 2.3.2 Description: The issue is related to Reflected Cross-Site Scripting via the message parameter due to insufficient input sanitization and output escaping. This allo...

6.1 CVSS · 8.7 AI score · 0.0217 EPSS
Exploits 0 · References 7
CNNVD
added 2025/01/15 12:0 a.m. · 2 views

native-php-cms security vulnerability

native-php-cms is a website builder system for FLi individual developers. A security vulnerability exists in version 1.0 of native-php-cms, which stems from improper manipulation of the message/error parameter in the file /fladmin/jump.php, and is susceptible to cross-site scripting attacks...

5.3 CVSS · 4.3 AI score · 0.00357 EPSS
Exploits 1 · References 1
CNNVD
added 2025/01/13 12:0 a.m. · 3 views

WeGIA cross-site scripting vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A cross-site scripting vulnerability exists in WeGIA version 2.3.7, which stems from a reflected cross-site scripting vulnerability contained in the msge parameter of the precadastrofuncionario.php page...

6.4 CVSS · 6 AI score · 0.00516 EPSS
Exploits 1 · References 3
CNNVD
added 2024/12/09 12:0 a.m. · 1 views

Kashipara E-learning Management System security vulnerability

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary scripts via the mymessage parameter...

5.4 CVSS · 7.2 AI score · 0.0034 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/12/09 12:0 a.m. · 2 views

PT-2024-36453 · Unknown · Kashipara E-Learning Management System

Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System version 1.0 Description: A Stored Cross-Site Scripting XSS issue exists in the /send message teacher to student.php file, allowing remote attackers to execute arbitrary scripts via the my message...

5.4 CVSS · 6.4 AI score · 0.0034 EPSS
Exploits 1 · References 6
CNNVD
added 2024/12/09 12:0 a.m. · 4 views

Kashipara E-learning Management System security vulnerability

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit this vulnerability to execute arbitrary scripts via the mymessage parameter...

5.4 CVSS · 7.3 AI score · 0.00357 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/12/09 12:0 a.m. · 3 views

PT-2024-36454 · Unknown · Kashipara E-Learning Management System

Name of the Vulnerable Software and Affected Versions: Kashipara E-learning Management System version 1.0 Description: A Stored Cross-Site Scripting XSS issue was found in the /send message.php endpoint of the Kashipara E-learning Management System. This issue allows remote attackers to execute...

5.4 CVSS · 6.5 AI score · 0.00357 EPSS
Exploits 1 · References 5
OSV
added 2024/11/12 3:15 p.m. · 1 views

CVE-2024-11130

A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/msg.php. The manipulation of the argument keyword leads to cross site scripting. The attack may be launched remotely. The exploit has been...

4.8 CVSS · 3.8 AI score
Exploits 0 · References 4
OSV
added 2024/11/05 2:15 a.m. · 2 views

CVE-2024-10809

A vulnerability was found in code-projects E-Health Care System 1.0 and classified as critical. This issue affects some unknown processing of the file /Doctor/chat.php. The manipulation of the argument name/message leads to sql injection. The attack may be initiated remotely. The exploit has been...

7.5 CVSS · 5.7 AI score · 0.00062 EPSS
Exploits 1 · References 5
Positive Technologies
added 2024/10/27 12:0 a.m. · 3 views

PT-2024-16263 · Unknown · Code-Projects Blood Bank Management System

Name of the Vulnerable Software and Affected Versions: code-projects Blood Bank Management System version 1.0 Description: A problematic issue was found in the system, affecting some unknown functionality of the file /bloodrequest.php. The manipulation of the msg argument leads to cross-site...

6.1 CVSS · 6.9 AI score · 0.00153 EPSS
Exploits 1 · References 8
CNNVD
added 2024/09/18 12:0 a.m. · 3 views

ZTE MF296R security vulnerability

The ZTE MF296R is a wireless router from ZTE Corporation ZTE of China. A security vulnerability exists in the ZTE MF296R that stems from insufficient validation of the length of SMS parameters, which could be exploited by an authenticated attacker to perform a denial of service attack...

6.5 CVSS · 6.5 AI score · 0.00333 EPSS
Exploits 0 · References 2
CNNVD
added 2024/09/15 12:0 a.m. · 1 views

Perfex CRM cross-site scripting vulnerability

Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A cross-site scripting vulnerability exists in Perfex CRM version 3.1.6, which stems from the parameter message in the file...

5.4 CVSS · 4.2 AI score · 0.00144 EPSS
Exploits 1 · References 5
Positive Technologies
added 2024/09/14 12:0 a.m. · 2 views

PT-2024-39285 · Unknown · Perfex Crm

Name of the Vulnerable Software and Affected Versions: Perfex CRM version 3.1.6 Description: A problem exists in the file application/controllers/Clients.php of the component Parameter Handler. The manipulation of the message argument leads to cross-site scripting. The attack can be initiated...

5.4 CVSS · 4.3 AI score · 0.00144 EPSS
Exploits 1 · References 12
Positive Technologies
added 2024/09/07 12:0 a.m. · 2 views

PT-2024-39092 · Sourcecodester · Sourcecodester Clinics Patient Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Clinics Patient Management System version 2.0 Description: A problem was found in the processing of the file /users.php, where the manipulation of the message argument leads to cross-site scripting. The attack may be initiated...

5.4 CVSS · 6.8 AI score · 0.00122 EPSS
Exploits 1 · References 11
CNNVD
added 2024/09/07 12:0 a.m. · 3 views

SourceCodester Clinics Patient Management System security vulnerability

SourceCodester Clinics Patient Management System is a clinic patient management system from SourceCodester, Inc. A security vulnerability exists in SourceCodester Clinics Patient Management System version 2.0, which stems from the parameter message in the file /users.php that can lead to cross-si...

5.4 CVSS · 4.5 AI score · 0.00122 EPSS
Exploits 1 · References 6
CNNVD
added 2024/08/16 12:0 a.m. · 2 views

Yoga Class Registration System cross-site scripting vulnerability

Yoga Class Registration System is a yoga class registration system by Carlo Montero, a personal developer. A cross-site scripting vulnerability exists in version 1.0 of the Yoga Class Registration System, which stems from some unknown handling of the file /admin/inquiries/viewinquiry.php, where...

5.4 CVSS · 4.4 AI score · 0.0012 EPSS
Exploits 1 · References 5