374 matches found
PT-2024-38629 · Sourcecodester · Sourcecodester Yoga Class Registration System
Name of the Vulnerable Software and Affected Versions: SourceCodester Yoga Class Registration System version 1.0 Description: A vulnerability was found in the system, classified as problematic, affecting some unknown processing of the file /admin/inquiries/view inquiry.php. The manipulation of th...
PHPGurukul Old Age Home Management System Security Vulnerability
PHPGurukul Old Age Home Management System is a nursing home management system from PHPGurukul, Inc. A security vulnerability exists in version v1.0 of the PHPGurukul Old Age Home Management System, which stems from a stored cross-site scripting (XSS) vulnerability in the message parameter of the...
CVE-2023-40819
ID4Portais contains an HTML Injection vulnerability in versions prior to V.2022.837.002a, caused by the response returning an unsanitized message parameter. Affected product: ID4Portais. Root cause: unsanitized message parameter leading to HTML injection. Impact details are described across sourc...
Devlop ID4Portais Security Vulnerability
Devlop ID4Portais is an application from Devlop USA. A security vulnerability exists in versions prior to Devlop ID4Portais V.2022.837.002a, which stems from an HTML injection vulnerability due to an unsanitized message parameter being returned in a response...
Tailoring Management System SQL Injection Vulnerability
Tailoring Management System is a tailoring management system from itsourcecode open source. A SQL injection vulnerability exists in itsourcecode Tailoring Management System version 1.0, which stems from the parameter title/msg in the file templateadd.php that can lead to SQL injection...
CVE-2024-6427
Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the "message" parameter to inject a payload with dangerous JavaScript code, causing the application to loop requests on itself, which could lead to resource consumption and...
Ingenico Estate Manager Cross-Site Scripting Vulnerability
Ingenico Estate Manager is a real estate management software from Ingenico Japan. A cross-site scripting vulnerability exists in Ingenico Estate Manager version 2023, which stems from cross-site scripting due to misuse of the parameter message...
PT-2024-37353 · Ingenico · Ingenico Estate Manager
Name of the Vulnerable Software and Affected Versions: Ingenico Estate Manager version 2023 Description: A problematic issue has been found in the News Feed component, affecting the processing of the file /emgui/rest/ums/messages. The manipulation of the message argument leads to cross-site...
playSMS Security Vulnerabilities
playSMS is an open source SMS (Short Message Service) management software from Anton Raharja, an individual developer in India. A security vulnerability exists in playSMS 1.4.7 and earlier versions, which stems from the fact that manipulation of the parameters name/message can lead to basic...
CVE-2024-3469
The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...
VulnCheck KEV: CVE-2024-3469
The GP Premium plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the message parameter in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
PT-2024-26109
Name of the Vulnerable Software and Affected Versions GP Premium plugin for WordPress versions up to, and including, 2.4.0 Description The issue is related to Reflected Cross-Site Scripting via the message parameter due to insufficient input sanitization and output escaping. This allows...
PT-2024-26143 · WordPress · Header Footer Code Manager
Name of the Vulnerable Software and Affected Versions: Header Footer Code Manager Pro plugin for WordPress versions up to, and including, 1.0.16 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing unauthenticated...
Campcodes Online Event Management System Cross-Site Scripting Vulnerability
Campcodes Online Event Management System is an online event management system. A cross-site scripting vulnerability exists in Campcodes Online Event Management System version 1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the msg parameter of the...
CVE-2024-1412
The Memberpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' and 'error' parameters in all versions up to, and including, 1.11.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
PT-2024-21310 · WordPress · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.11 Description: The issue is related to Stored Cross-Site Scripting via the countdown widget's message parameter due to insufficient input sanitization...
Campcodes Online Event Management System Cross-Site Scripting Vulnerability
Campcodes Online Event Management System is an online event management system from Campcodes, Inc. A cross-site scripting vulnerability exists in Campcodes Online Event Management System version 1.0, which originates from an unknown function in /views/index.php that causes cross-site scripting vi...
CVE-2024-29947
There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient validation of a parameter in a message, an attacker may send specially crafted messages to an affected product, causing a process abnormality...
Synacor Zimbra Cross-Site Scripting Vulnerability
Synacor Zimbra is an open source email collaboration platform from Synacor, Inc. A cross-site scripting vulnerability exists in Synacor Zimbra zm-admin-ajax version 8.8.1 and prior versions, which stems from the fact that incorrect manipulation of the parameter message can lead to cross-site...
CVE-2023-40277
An issue was discovered in OpenClinic GA 5.247.01. A Reflected Cross-Site Scripting (XSS) vulnerability has been discovered in the login.jsp message parameter...