374 matches found
PYSEC-2020-212
Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @okmessage or (2) @errormessage parameter to issue...
CVE-2014-4567
Cross-site scripting (XSS) vulnerability in comments/videowhisper2/rlogout.php in the Video Comments Webcam Recorder plugin 1.55, as downloaded before 20140116, for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter...
Code injection
TestLink 1.9.19 has XSS via the error.php message parameter...
CVE-2019-12581
A reflective cross-site scripting (XSS) vulnerability in the freetimefailed.cgi CGI program in selected Zyxel ZyWall, USG, and UAG devices allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter...
CVE-2018-17843
SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0...
PHP has unspecified vulnerabilities (CNVD-2019-42544)
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A security vulnerability exists in th...
CVE-2018-19190
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php errormsg parameter...
PAYFORT payfort-php-SDK cross-site scripting vulnerability
PayFort is an online payment gateway. payfort-php-SDK is the PayFort payment gateway SDK. A cross-site scripting vulnerability exists in Amazon PAYFORT payfort-php-SDK versions through 2018-04-26, which can be exploited by an attacker via the error.php errormsg parameter to conduct a...
WordPress Support Board Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; it supports setting up personal blog sites on PHP and MySQL servers. Support Board Plugin is one of its online customer service chat plugins. A cross-site scripting vulnerabili...
CVE-2018-17946
The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter...
git-dummy-commit command injection vulnerability
git-dummy-commit is a code commit package. A command injection vulnerability exists in git-dummy-commit version 1.3.0, which stems from the program failing to encode the 'msg' parameter. An attacker can exploit this vulnerability to execute operating system commands...
drfrostmaths.com XSS vulnerability
Open Bug Bounty ID: OBB-621125

Description | Value
---|---
Affected Website: | drfrostmaths.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
Synology Note Station Cross-Site Scripting Vulnerability
Synology Note Station is a cloud-based note management platform from Synology. A cross-site scripting vulnerability exists in SYNO.NoteStation.Note in Synology Note Station versions prior to 2.5.1-0844. A remote attacker can exploit the vulnerability to inject arbitrary web script or HTML with th...
CVE-2018-8912
Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commitmsg parameter...
Enhancesoft osTicket Cross-Site Scripting Vulnerability
Enhancesoft osTicket is an open source ticketing system from the U.S. company Enhancesoft. A cross-site scripting vulnerability exists in /ajax.php/form/help-topic in Enhancesoft osTicket versions prior to 1.10.2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the he...
Cross site scripting
Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "message" parameter...
WordPress wp-concours plugin cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; it supports setting up personal blog sites on PHP and MySQL servers. wp-concours is one of its plugins, used to create contests. A cross-site scripting vulnerability exist...
CVE-2017-17719
A cross-site scripting (XSS) vulnerability in the wp-concours plugin through 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the resultmessage parameter to includes/concourspage.php...
FS Olx Clone SQL Injection Vulnerability
FS Olx Clone is a set of PHP and MySQL based scripts for classifieds publishing websites. A SQL injection vulnerability exists in FS Olx Clone version 1.0. The vulnerability can be exploited by remote attackers to inject SQL commands by sending the 'scat' parameter to the subpage.php file or the...
mediawiki -- multiple vulnerabilities
mediawiki reports: security fixes: T128209: Reflected File Download from api.php. Reported by Abdullah Hussam. T165846: BotPasswords doesn't throttle login attempts. T134100: On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password. T178451: XS...