Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ajaxblackListpost process. An attacker can execute arbitrary JavaScript in the browser of other administrators by injecting malicious inpu...

CVE-2026-30082

Multiple stored cross-site scripting XSS vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

CVE-2026-4991

A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible ...

CVE-2026-4991

A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible ...

CVE-2026-4991

A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible ...

CVE-2026-4991

CVE-2026-4991 affects QDOCS Smart School Management System (up to 7.2). The vulnerability resides in the Admission Enquiry Module’s /admin/enquiry, where manipulating the Note argument triggers cross-site scripting. This can be exploited remotely. The provided sources do not specify affected vend...

EUVD-2025-27215

Malicious code in bioql PyPI...

CVE-2025-10121

A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kamilist. This manipulation of the argument note causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

CVE-2025-10121 uverif kami_list addbatch sql injection

A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kamilist. This manipulation of the argument note causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

CVE-2025-10121 uverif kami_list addbatch sql injection

A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kamilist. This manipulation of the argument note causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

uverif 安全漏洞

uverif is a free and open source web authentication management system from uverif. A security vulnerability exists in uverif 3.2 and earlier versions, which stems from SQL injection due to incorrect manipulation of the parameter note of the function addbatch in the file /admin/kamilist...

CVE-2013-4620

Cross-site scripting XSS vulnerability in interface/main/onotes/officecommentsfull.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter...

PHPGurukul e-Diary Management System 注入漏洞

The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that originates from a missing validation of externally entered SQL statements in the parameter mark of the view-note.php file. An attacker can exploit...

CVE-2024-9030

A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. This vulnerability affects unknown code of the file /deal/noteid/note. The manipulation of the argument notes leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to th...

SourceCodester Sticky Notes SQL Injection Vulnerability

SourceCodester Sticky Notes is a sticky notes application. A security vulnerability exists in SourceCodester Sticky Notes version 1.0, which stems from a SQL injection vulnerability in the parameter note in the file endpoint/delete-note.php...

PT-2023-32330 · Sourcecodester · Sourcecodester Sticky Notes App

Name of the Vulnerable Software and Affected Versions: SourceCodester Sticky Notes App version 1.0 Description: A critical vulnerability has been found in the SourceCodester Sticky Notes App, affecting the file endpoint/delete-note.php. The manipulation of the note argument leads to SQL injection...

PT-2023-17310 · Thorsten · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.12 Description: The issue is related to Cross-site Scripting XSS - DOM, where the software fails to sanitize user input in the configuration privacy note URL parameter. This allows for potential...

CVE-2019-8436

imcat 4.5 has Stored XSS via the root/run/adm.php fminstopnote parameter...

Blog System v1.2 SQL inj. vuln.

Blog System v1.2 SQL inj. vuln. Vuln. dicovered by : r0t Date: 5 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/blog-system-v12-sql-inj-vuln.html vendor:http://www.netartmedia.net/blogsystem/ affected version:v1.2 and prior Product Description: Blog System allows you to launch and...