276 matches found
CVE-2024-31064
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field...
CVE-2024-31061
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Last Name input field...
Zabbix Cross-Site Scripting Vulnerability
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. A cross-site scripting vulnerability exists in Zabbix, which stems from improper validation of the input field "Name"...
CVE-2024-1024
A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. This vulnerability affects unknown code of the component New Account Handler. The manipulation of the argument First Name/Last Name with the input alert1 leads to cross site scripting. The...
PT-2024-16132 · Sourcecodester · Sourcecodester Facebook News Feed Like
Name of the Vulnerable Software and Affected Versions: SourceCodester Facebook News Feed Like version 1.0 Description: A problematic issue has been found, affecting the New Account Handler component. The manipulation of the First Name/Last Name argument with the input alert1 leads to cross-site...
Tenda A18 安全漏洞
Tenda A18 is an AC1200 dual-band Wi-Fi repeater from China's Tenda. A buffer overflow vulnerability exists in Tenda A18 version v15.13.07.09, which originates from the devName parameter in the formSetDeviceName function failing to correctly validate the length of the input data, and can be...
PT-2024-15426 · Unknown · Project Worlds Online Lawyer Management System
Name of the Vulnerable Software and Affected Versions: Project Worlds Online Lawyer Management System version 1.0 Description: A vulnerability has been found in the User Registration component of the system. The manipulation of the First Name argument leads to cross-site scripting. It is possible...
CVE-2023-6297
A vulnerability classified as problematic has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file patient-search-report.php of the component Search Report Page. The manipulation of the argument Search By Patient Name with the input...
PT-2023-32272 · Codeastro · Codeastro Internet Banking System
Name of the Vulnerable Software and Affected Versions: CodeAstro Internet Banking System version 1.0 Description: A problematic issue has been found in the CodeAstro Internet Banking System, affecting the processing of the file pages view client.php. The manipulation of the acc name argument with...
The vulnerability of the Reports component in the Nozomi Guardian network activity detection and tracking tool, as well as the Nozomi Central Management Console (CMC), allows a malicious actor to trigger a service failure.
The vulnerability of the Reports component of the Nozomi Guardian network activity detection and tracking tool, as well as the Nozomi Central Management Console CMC, relates to the issue of saving reports with a null name due to insufficient validation of input data. Exploiting this vulnerability...
Cross site scripting
Cross Site Scripting XSS vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code...
CVE-2020-24075
Cross Site Scripting XSS vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code...
CVE-2020-24075
Cross Site Scripting XSS vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code...
PT-2023-4163 · Webmin +1 · Webmin +1
Name of the Vulnerable Software and Affected Versions: Webmin version 2.021 Description: A Stored Cross-Site Scripting XSS issue was discovered in the Users and Groups functionality. This occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name. The...
CVE-2023-2574
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request...
CVE-2023-2574 Authenticated Command Injection
Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request...
Design/Logic Flaw
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file...
PT-2023-22785 · Archery · Archery
Name of the Vulnerable Software and Affected Versions: Archery affected versions not specified Description: The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the db name in the sql/data...
CVE-2023-1857
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=product/manageproduct&id=2. The manipulation of the argument Product Name leads to cross site scripting. Th...
SUSE CVE-2014-8630
Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x before 4.4.7, and 5.x before 5.0rc1 allows remote authenticated users to execute arbitrary commands by leveraging the editcomponents privilege and triggering crafted input to a two-argument Perl open call, as demonstrated by...