159 matches found
SUSE CVE-2017-15088
plugins/preauth/pkinit/pkinitcryptoopenssl.c in MIT Kerberos 5 aka krb5 through 1.15.2 mishandles Distinguished Name DN fields, which allows remote attackers to execute arbitrary code or cause a denial of service buffer overflow and application crash in situations involving untrusted X.509 data,...
Cross-Site Scripting (XSS)
modoboa is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of santization in the name fields while creating accounts, which allows an attacker to inject and execute arbitrary JavaScript when viewing the logs and identities pages...
Integer Overflow or Wraparound
Overview publifycore is a Core engine for the Publify blogging system, formerly known as Typo. Affected versions of this package are vulnerable to Integer Overflow or Wraparound in app/models/user.rb, which allows attackers to cause denial of service by supplying an excessively long name value fo...
CVE-2023-22959
WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php txtFirstName, txtLastName...
PT-2022-26368 · Sourcecodester · Sourcecodester Event Registration System
Name of the Vulnerable Software and Affected Versions: SourceCodester Event Registration System version 1.0 Description: A vulnerability has been found in the SourceCodester Event Registration System, allowing for cross site scripting through the manipulation of the First Name/Last Name argument ...
CVE-2022-3716
A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /omos/admin/?page=user/list. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site...
CVE-2022-3716
A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /omos/admin/?page=user/list. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site...
CVE-2022-3547
A vulnerability was found in SourceCodester Simple Cold Storage Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /csms/admin/?page=systeminfo of the component Setting Handler. The manipulation of the argument System Name/System Short Name lead...
Simple Cold Storage Management System 跨站脚本漏洞
Simple Cold Storage Management System is a simple cold storage management system by Carlo Montero, an individual developer. A security vulnerability exists in Simple Cold Storage Management System version 1.0, which stems from some unknown functionality in the /csms/admin/?page=user/list file,...
CVE-2022-3518
A vulnerability classified as problematic has been found in SourceCodester Sanitization Management System 1.0. Affected is an unknown function of the component User Creation Handler. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is possible to...
PT-2022-22620 · Sourcecodester · Sanitization Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Sanitization Management System version 1.0 Description: A problematic vulnerability has been found in the User Creation Handler component. The manipulation of the First Name/Middle Name/Last Name argument leads to cross-site...
PT-2022-22439 · Sourcecodester · Sourcecodester Human Resource Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Human Resource Management System version 1.0 Description: A problematic issue has been found in the Add Employee Handler component, where the manipulation of the First Name/Middle Name/Last Name argument leads to cross-site...
Human Resource Management System 安全漏洞
Human Resource Management System is a human resource management system by maverickosama Personal Developer. A security vulnerability exists in Human Resource Management System, which originates from an unknown handler in its Add Employee Handler component that operates on the parameters First...
CVE-2022-30494
In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs...
ToolJet 跨站脚本漏洞
A code injection vulnerability exists in ToolJet v0.6.0 through v1.10.2, which stems from a lack of data validation filtering of user-supplied data and output in the first and last name fields of the invitation email. An attacker could exploit this vulnerability to inject malicious code when...
CVE-2022-1076
A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file /aqpg/users/login.php of the component My Account Page. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. It is...
CVE-2021-24797
The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins...
MartDevelopers iResturant 跨站脚本漏洞
MartDevelopers iResturant is an open source lightweight restaurant Erp from MartDevelopers Kenya. for integrating social restaurant operations into one system. A cross-site scripting vulnerability exists in MartDevelopers iResturant version 1.0, which stems from a lack of effective filtering and...
CVE-2021-36870
Multiple Authenticated Persistent Cross-Site Scripting XSS vulnerabilities in WordPress WP Google Maps plugin versions = 8.1.12. Vulnerable parameters: &datasetname, &wpgmzagdprretentionpurpose, &wpgmzagdprcompanyname, &name 2, &name, &polyname 2, &polyname, &address...
WordPress 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A code injection vulnerability exists in the WordPress...