276 matches found
CVE-2025-51971
CVE-2025-51971 affects PuneethReddyHC Online Shopping System Advanced 1.0. A reflected XSS exists in register.php due to unsanitized input in the f_name parameter being reflected in the response, allowing remote JavaScript injection. Impact is reflected, client-side HTML encoding/output escaping ...
📄 Pharmacy Product Management System 1.0 Cross Site Scripting
Pharmacy Product Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: Pharmacy Product Management System - Persistent XSS Date: 25.08.2025 Exploit Author: Ömer Ahmet Yılmaz Vendor Homepage:...
CVE-2025-9167
A vulnerability has been found in SolidInvoice up to 2.4.0. This vulnerability affects unknown code of the file /invoice/recurring of the component Recurring Invoice Module. The manipulation of the argument client name leads to cross site scripting. The attack may be initiated remotely. The explo...
PT-2025-33865 · Unknown · Solidinvoice
Name of the Vulnerable Software and Affected Versions: SolidInvoice versions prior to 2.4.1 Description: A vulnerability exists in SolidInvoice that allows for cross site scripting. The issue affects unknown code within the /invoice/recurring file of the Recurring Invoice Module. Manipulation of...
Linux Distros Unpatched Vulnerability : CVE-2024-46292
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service DoS via a crafted input inserted into the name parameter. NOTE: this is...
CVE-2025-9119 Netis WF2419 Wireless Settings index.htm cross site scripting
A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input causes cross site scripting. Remote exploitation of the attack is possible. The...
CVE-2025-9119 Netis WF2419 Wireless Settings index.htm cross site scripting
A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input causes cross site scripting. Remote exploitation of the attack is possible. The...
i-Educar 代码注入漏洞
i-Educar is a free educational software from Portábilis Open Source. A code injection vulnerability exists in i-Educar version 2.10 and earlier, which originates from a cross-site scripting attack due to manipulation of the neighborhood name parameter in the file /intranet/educarinstituicaocad.ph...
Q2A Ultimate SEO 跨站脚本漏洞
Q2A Ultimate SEO is a component of the Q2A Projects team that provides search engine optimization functionality for Question2Answer. A cross-site scripting vulnerability exists in Q2A Ultimate SEO that stems from insufficient validation of the name parameter input in /products//edit, which could...
WordPress plugin WP Event Manager 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the listNames function. An attacker can cause significant CPU consumption and degrade server performance by supplying a crafted regular expression and influencing the set of resource names...
CVE-2024-31064
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field...
CVE-2023-30558
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from the dbname in the sql/datadictionary.py tablelist endpoint is passed to the methods that follow in...
CVE-2021-25324
MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp...
CVE-2025-30345
An issue was discovered in OpenSlides before 4.2.5. When creating new chats via the chatgroup.create action, the user is able to specify the name of the chat. Some HTML elements such as SCRIPT are filtered, whereas others are not. In most cases, HTML entities are encoded properly, but not when...
UBUNTU-CVE-2024-45782
A flaw was found in the HFS filesystem. When reading an HFS volume's name at grubfsmount, the HFS filesystem driver performs a strcpy using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer,...
CVE-2025-1114
A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack...
CVE-2024-1097
A stored cross-site scripting XSS vulnerability exists in craigk5n/webcalendar version 1.3.0. The vulnerability occurs in the 'Report Name' input field while creating a new report. An attacker can inject malicious scripts, which are then executed in the context of other users who view the report,...
PT-2025-3428 · Hortusfox · Hortusfox
Name of the Vulnerable Software and Affected Versions: HortusFox version 3.9 Description: The issue is related to a stored XSS vulnerability in the "Add Plant" function. The name input field does not sanitize or escape user inputs, allowing attackers to inject and execute arbitrary JavaScript...
Chat System update_user.php File Cross-Site Scripting Vulnerability
Chat System is a chat system. Chat System suffers from a cross-site scripting vulnerability that stems from a lack of sufficient validation and escaping of the name parameter input in the file /admin/updateuser.php. The vulnerability can be exploited to conduct a cross-site scripting attack by...