374 matches found
CVE-2023-23158
A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter on the enquiry page...
PT-2023-18865 · Unknown · Art Gallery Management System Project
Name of the Vulnerable Software and Affected Versions: Art Gallery Management System Project version 1.0. Description: A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter on the "enquiry page" A...
dst-admin Command Injection Vulnerability
dst-admin is a web program written in Java by qinming99, an individual developer. A command injection vulnerability exists in dst-admin version 1.5.0. It stems from an unknown function in the file /home/sendBroadcast, where injection is possible via the message parameter...
PT-2022-23247 · Unknown · Fusiondirectory
Name of the Vulnerable Software and Affected Versions: Fusiondirectory version 1.3. Description: The issue concerns a Cross-Site Scripting (XSS) vulnerability. It can be exploited via several "API Endpoints": "/fusiondirectory/index.php?message=injection",...
CVE-2022-43317
A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
kkFileView Cross-Site Scripting Vulnerability
Keking kkFileView is a Spring Boot project from Keking Technology (Keking), a Chinese company, for online preview of files and documents. A security vulnerability exists in kkFileView v4.1.0, which stems from the errorMsg parameter being vulnerable to cross-site scripting...
Techvillage PayMoney Cross-Site Scripting Vulnerability
Techvillage Paymoney is a secure online payment gateway from Techvillage Bangladesh. A security vulnerability exists in Techvillage PayMoney version 3.3, which stems from XSS that can be triggered by injecting a specially crafted payload with a description parameter under the Message field...
Wedding Hall Booking System Cross-Site Scripting Vulnerability
Wedding Hall Booking System is a simple PHP-based wedding hall booking system by the individual developer Carlo Montero. Wedding Hall Booking System suffers from a cross-site scripting vulnerability that stems from the manipulation of the parameter Message by an unknown function in the Contect...
CVE-2022-31897
SourceCodester Zoo Management System 1.0 is vulnerable to Cross-Site Scripting (XSS) via publichtml/registervisitor?msg=...
CVE-2022-24646
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters...
PT-2022-16772 · Unknown · Hospital Management System
Name of the Vulnerable Software and Affected Versions: Hospital Management System version 4.0. Description: The issue is related to a SQL injection vulnerability. It affects the /Hospital-Management-System-master/contact.php endpoint via the txtMsg parameters. Recommendations: For Hospital...
Simple Chatbot Application SQL Injection Vulnerability
Simple Chatbot Application is a chatbot application. Version 1.0 of Simple Chatbot Application is vulnerable to SQL injection, which can be exploited by attackers via the message parameter in master.php...
CVE-2021-24632
The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-38359
The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the /admin/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.1...
CVE-2021-3340
A cross-site scripting (XSS) vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php?action=initLogon or modules/admin/DELETEIMAGES.php...
Wikindx Cross-Site Scripting Vulnerability
Wikindx is a virtual research environment (an online bibliography, quote/notes management and article creation system). Wikindx before 5.7.0 and 6.x through 6.4.0 suffers from a cross-site scripting vulnerability that originates from the message parameter in index.php?action=initLogon or...
CVE-2020-35203
Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported b...
PT-2021-11721 · Quest · Quest Policy Authority
Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200. Description: The issue allows attackers to inject malicious code into the browser via a specially crafted link to the "initFile.jsp" file using the msg parameter. This affects products that are no long...
PT-2020-13709 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 11.0.4. Description: The issue concerns multiple stored Cross-Site Scripting (XSS) vulnerabilities. These could allow remote authenticated attackers to inject arbitrary web script or HTML. This can be done via several API...
CVE-2019-20502
An issue was discovered in EFS Easy Chat Server 3.1. There is a buffer overflow via a long body2.ghp message parameter...