Lucene search

16 matches found

CNNVD
added 2026/03/12 12:0 a.m. · 2 views

CesiumGS CesiumJS Code Injection Vulnerability

CesiumGS CesiumJS is a JavaScript library created by CesiumGS Company in the United States, designed for creating and displaying three-dimensional Earth and geospatial data visualizations. Versions of CesiumGS CesiumJS 1.137.0 and earlier contained a code injection vulnerability. This vulnerabili...

CVSS 5.3 · AI score 5.7 · EPSS 0.00042
Exploits: 0 · References: 4
Positive Technologies
added 2026/03/12 12:0 a.m. · 0 views

PT-2026-24926

A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functionality of the file Apps/Sandcastle/standalone.html. The manipulation of the argument c results in cross site scripting. The attack can be launched remotely. The exploit has been...

CVSS 6.1 · AI score 4.2 · EPSS 0.00399
Exploits: 0 · References: 5
OSV
added 2025/11/17 5:16 a.m. · 3 views

CVE-2025-13263

A vulnerability was identified in SourceCodester Online Magazine Management System 1.0. Affected by this issue is some unknown functionality of the file /categories.php. The manipulation of the argument c leads to sql injection. The attack is possible to be carried out remotely. The exploit is...

CVSS 8.8 · AI score 5.8 · EPSS 0.00027
Exploits: 1 · References: 5
CNNVD
added 2025/11/17 12:0 a.m. · 4 views

SourceCodester Online Magazine Management System SQL Injection Vulnerability

SourceCodester Online Magazine Management System is a SourceCodester open source online magazine management system. A SQL injection vulnerability exists in SourceCodester Online Magazine Management System version 1.0, which stems from an incorrect manipulation of the parameter c in the file...

CVSS 8.8 · AI score 7 · EPSS 0.00027
Exploits: 1 · References: 6
Positive Technologies
added 2025/11/17 12:0 a.m. · 2 views

PT-2025-47118

A vulnerability was identified in SourceCodester Online Magazine Management System 1.0. Affected by this issue is some unknown functionality of the file /categories.php. The manipulation of the argument c leads to sql injection. The attack is possible to be carried out remotely. The exploit is...

CVSS 6.5 · AI score 7.2 · EPSS 0.00027
Exploits: 1 · References: 6
Cvelist
added 2025/08/12 2:24 a.m. · 5 views

CVE-2025-8621 Mosaic Generator <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'c' Parameter

The Mosaic Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘c’ parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access an...

CVSS 6.4 · EPSS 0.00058
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/12 12:0 a.m. · 1 view

PT-2025-32619 · WordPress · Mosaic Generator

Name of the Vulnerable Software and Affected Versions: Mosaic Generator plugin for WordPress versions up to and including 1.0.5

Description: The Mosaic Generator plugin for WordPress is susceptible to Stored Cross-Site Scripting through the c parameter due to insufficient input sanitization and...

CVSS 6.4 · AI score 6.2 · EPSS 0.00058
Exploits: 0 · References: 7
RedhatCVE
added 2025/05/22 10:8 a.m. · 4 views

CVE-2019-19387

A cross-site scripting (XSS) vulnerability in app/fifolist/fifointeractive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter...

CVSS 6.1 · AI score 5.7 · EPSS 0.00429
Exploits: 1 · References: 1
Positive Technologies
added 2024/10/28 12:0 a.m. · 1 view

PT-2024-16287 · Unknown · Project Worlds Online Time Table Generator

Name of the Vulnerable Software and Affected Versions: Project Worlds Online Time Table Generator version 1.0

Description: A critical issue has been found in the software, affecting an unknown function of the file /timetable/admin/admindashboard.php?info=add course. The manipulation of the argume...

CVSS 7.2 · AI score 6.9 · EPSS 0.00104
Exploits: 1 · References: 8
CNNVD
added 2024/01/09 12:0 a.m. · 2 views

TimeMail SQL Injection Vulnerability

TimeMail is an application by soxft, an individual developer. A SQL injection vulnerability exists in TimeMail version 1.1, which stems from the parameter c in the file check.php that causes SQL injection...

CVSS 9.8 · AI score 8.1 · EPSS 0.00073
Exploits: 0 · References: 4
CNNVD
added 2023/05/11 12:0 a.m. · 1 view

Online Computer and Laptop Store SQL Injection Vulnerability

Online Computer and Laptop Store is an online computer and laptop store by the individual developer Carlo Montero. SourceCodester Online Computer and Laptop Store version 1.0 suffers from an SQL injection vulnerability that stems from the presence of a SQL injection vulnerability that allows an attacke...

CVSS 9.8 · AI score 7.2 · EPSS 0.00316
Exploits: 1 · References: 4
CNNVD
added 2023/05/11 12:0 a.m. · 1 view

Online Computer and Laptop Store SQL Injection Vulnerability

Online Computer and Laptop Store is an online computer and laptop store by the individual developer Carlo Montero. A SQL injection vulnerability exists in SourceCodester Online Computer and Laptop Store version 1.0, which stems from a problem in the file products.php, where manipulation of the...

CVSS 9.8 · AI score 7 · EPSS 0.00417
Exploits: 1 · References: 4
CNNVD
added 2023/01/17 12:0 a.m. · 3 views

L-Soft LISTSERV Cross-Site Scripting Vulnerability

L-Soft LISTSERV is a suite of e-mail list management software from L-Soft. A cross-site scripting vulnerability exists in LISTSERV version 17, which stems from a cross-site scripting (XSS) vulnerability in the web interface. An attacker can exploit this vulnerability to inject arbitrary JavaScript ...

CVSS 6.1 · AI score 6.2 · EPSS 0.09973
Exploits: 4 · References: 6
CNNVD
added 2022/06/11 12:0 a.m. · 3 views

SICUNET Access Controller Security Vulnerability

SICUNET Access Controller is a browser-based access from SICUNET China that allows you to connect your panel to our cloud server. This allows you to access your panel without firewall settings. A security vulnerability exists in SICUNET Access Controller version 0.32-05z, which stems from a...

CVSS 8.8 · AI score 8.1 · EPSS 0.00221
Exploits: 0 · References: 3
CNVD
added 2019/11/29 12:0 a.m. · 1 view

FusionPBX Cross-Site Scripting Vulnerability (CNVD-2019-43414)

FusionPBX is an open source enterprise IPPBX interface management system based on FreeSWITCH. A cross-site scripting vulnerability exists in app/fifolist/fifointeractive.php in FusionPBX 4.4.1. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML via the c...

CVSS 6.1 · AI score 6.1 · EPSS 0.00429
Exploits: 1 · References: 1
Positive Technologies
added 2019/10/21 12:0 a.m. · 1 view

PT-2019-14889 · Fusionpbx · Fusionpbx

Name of the Vulnerable Software and Affected Versions: FusionPBX versions prior to 4.5.8

Description: The issue concerns an XSS problem where an unsanitized variable c from the URL is reflected in HTML. This occurs in the file appfifo listfifo interactive.php.

Recommendations: For FusionPBX...

CVSS 6.1 · AI score 6 · EPSS 0.00328
Exploits: 0 · References: 4