37 matches found

CNNVD
added 2026/04/16 12:0 a.m., 5 views

WordPress plugin Livemesh Addons for Elementor security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

CVSS 8.8, AI score 5.8, EPSS 0.00097
Exploits: 0, References: 1
CNNVD
added 2026/03/24 12:0 a.m., 2 views

Parse Server SQL injection vulnerability

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 8.6.59 and 9.6.0-alpha.53 contain a SQL injection vulnerability. This vulnerability arises from the ability of attackers to inject...

CVSS 8.6, AI score 5.9, EPSS 0.00024
Exploits: 0, References: 5
CNNVD
added 2026/03/07 12:0 a.m., 3 views

cpp-httplib security vulnerability

cpp-httplib is a C++ library developed by Yhirose, which includes servers and clients for HTTP/HTTPS protocols. Versions of cpp-httplib prior to 0.37.0 contained security vulnerabilities. These vulnerabilities stemmed from stack overflows that occurred when the std::regex library was used to pars...

CVSS 5.9, AI score 5.8, EPSS 0.00078
Exploits: 1, References: 1
EUVD
added 2026/01/13 12:30 a.m., 2 views

EUVD-2025-206277

Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) membersearch.php, (2) trainersearch.php, and (3) gymsearch.php, and via the 'id' parameter in (4) paymentsearch.php. An unauthenticated remote attacker can exploit these issues to inje...

CVSS 9.4, AI score 7.9, EPSS 0.00151
Exploits: 1, References: 2
EUVD
added 2025/12/18 12:34 a.m., 1 view

EUVD-2023-60204

PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections,...

CVSS 8.8, AI score 6.1, EPSS 0.00026
Exploits: 1, References: 4
NVD
added 2025/12/17 11:15 p.m., 1 view

CVE-2023-53927

PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections,...

CVSS 5.4, EPSS 0.00026
Exploits: 1, References: 3
Positive Technologies
added 2025/11/14 12:0 a.m., 3 views

PT-2025-47002

Name of the Vulnerable Software and Affected Versions: Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System versions up to 20250320. Description: A cross-site scripting issue exists in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System. The issue i...

CVSS 5.4, AI score 4, EPSS 0.00026
Exploits: 1, References: 9
Positive Technologies
added 2025/10/08 12:0 a.m., 3 views

PT-2025-41210

Name of the Vulnerable Software and Affected Versions: code-projects Voting System version 1.0. Description: A flaw exists in code-projects Voting System 1.0, specifically within an unknown function of the /admin/candidates edit.php file. Manipulation of the Firstname, Lastname, and Platform argumen...

CVSS 5.4, AI score 3.4, EPSS 0.00029
Exploits: 1, References: 10
CNNVD
added 2025/02/03 12:0 a.m., 2 views

NRadio N8-180 security vulnerability

The NRadio N8-180 is a wireless receiver from NRadio. A security vulnerability exists in the NRadio N8-180 NROS-1.9.2.n3.c5 version, which stems from vulnerability to cross-site scripting attacks via the 2.4 GHz and 5 GHz name parameters...

CVSS 6.1, AI score 6.1, EPSS 0.00221
Exploits: 0, References: 3
Snyk
added 2025/01/03 5:6 p.m., 1 view

Cross-site Scripting (XSS)

Overview: phpoffice/phpspreadsheet is a spreadsheet engine that reads, creates and writes spreadsheet documents in PHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the constructor of the Downloader class. An attacker can execute arbitrary JavaScript code in t...

CVSS 8.3, AI score 5.5, EPSS 0.00905
Exploits: 1, References: 2
CNNVD
added 2024/12/09 12:0 a.m., 1 view

Kashipara E-learning Management System security vulnerability

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System v1.0. An attacker can exploit the vulnerability to access the database by executing arbitrary SQL commands via the firstname, lastname,...

CVSS 9.8, AI score 7.5, EPSS 0.00978
Exploits: 1, References: 1
CNNVD
added 2024/10/24 12:0 a.m., 1 view

SourceCodester Best House Rental Management System cross-site scripting vulnerability

SourceCodester Best House Rental Management System is a house rental management system from SourceCodester, Inc. A cross-site scripting vulnerability exists in SourceCodester Best House Rental Management System version 1.0, which results from improper manipulation of the parameters Last Name/Firs...

CVSS 5.4, AI score 4.1, EPSS 0.00131
Exploits: 1, References: 5
NVD
added 2024/09/19 1:15 p.m., 15 views

CVE-2024-46382

A SQL injection vulnerability in linlinjava litemall 1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, and name parameters in AdminOrderController.java...

CVSS 7.5, EPSS 0.00116
Exploits: 1, References: 1
CNNVD
added 2024/09/19 12:0 a.m., 2 views

litemall security vulnerability

litemall is a small shopping mall system for linlinjava individual developers. A security vulnerability exists in litemall version 1.8.0, which stems from the presence of a SQL injection vulnerability that allows a remote attacker to obtain sensitive information via the GoodsId, GoodsSn and name...

CVSS 7.5, AI score 7.6, EPSS 0.00116
Exploits: 1, References: 2
OSV
added 2024/05/14 3:44 p.m., 2 views

CVE-2024-4797

A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ajax.php. The manipulation of the argument name/customername/username leads to cross site scripting. The attack can be initiated...

CVSS 6.1, AI score 3.8, EPSS 0.00167
Exploits: 1, References: 4
CNNVD
added 2024/03/07 12:0 a.m., 1 view

Customer Support System Security Breach

Customer Support System is a customer support system by oretnom23 Individual Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. A security vulnerability exists in Customer Support System version v.1.0. An attacker...

CVSS 5.4, AI score 7, EPSS 0.00233
Exploits: 1, References: 3
ATTACKERKB
added 2023/09/25 3:15 p.m., 1 view

CVE-2023-43456

Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint...

CVSS 5.4, AI score 6.2, EPSS 0.0084
Exploits: 1, References: 4
CNNVD
added 2023/08/07 12:0 a.m., 1 view

NETGEAR DG834G security vulnerability

The NETGEAR DG834Gv5 is a wireless ADSL firewall modem from NETGEAR. The NETGEAR DG834Gv5 version 1.6.01.34 suffers from a buffer overflow vulnerability that originates from a failure to properly validate the length of the input data in the wlassid and wlatempssid parameters via bswssid.cgi, whic...

CVSS 8.8, AI score 8.1, EPSS 0.00491
Exploits: 1, References: 3
Cvelist
added 2023/06/23 5:19 p.m., 12 views

CVE-2023-35153 XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters

XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerability can be exploited by users with edit rights by adding an AppWithinMinutes.FormFieldCategoryClass class on a page and setting the payload ...

CVSS 9, AI score 8.7, EPSS 0.02352
Exploits: 1, References: 3
OSV
added 2023/06/20 4:47 p.m., 15 views

GHSA-4WC6-HQV9-QC97 XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters

Impact: A stored XSS can be exploited by users with edit rights by adding an AppWithinMinutes.FormFieldCategoryClass class on a page and setting the payload on the page title. Then, any user visiting /xwiki/bin/view/AppWithinMinutes/ClassEditSheet executes the payload. See...

CVSS 9, AI score 7, EPSS 0.02352
Exploits: 1, References: 5