WordPress Smart phone field for Gravity Forms plugin <= 2.1.6 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Smart phone field for Gravity Forms versions <= 2.1.6...
CVE-2024-2101
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the 'Customers' page and the...
EUVD-2023-57642
Malicious code in bioql PyPI...
CVE-2023-41528
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters...
CVE-2021-37458
Cross-Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field stored...
Intermesh BV Group Office CRM security vulnerability
Intermesh BV Group Office CRM is an application from Intermesh BV. Share projects, calendars, files and emails online with colleagues and clients. Easy to use and fully customizable. A security vulnerability exists in Intermesh BV Group Office CRM versions prior to 6.8.119 and 25.0.20, which stem...
CVE-2024-7635
A vulnerability was found in code-projects Simple Ticket Booking 1.0. It has been classified as critical. Affected is an unknown function of the file registerinsert.php of the component Registration Handler. The manipulation of the argument name/email/dob/password/Gender/phone leads to sql...
CVE-2024-2102
The Salon booking system WordPress plugin before 9.6.3 does not properly sanitize and escape the 'Mobile Phone' field and 'smsprefix' parameter when booking an appointment, allowing customers to conduct Stored Cross-Site Scripting attacks. The payload gets triggered when an admin visits the...
CVE-2024-2101
The CVE-2024-2101 in the Salon booking system WordPress plugin affects versions prior to 9.6.3. The issue is improper sanitization/escaping of the Mobile Phone field during appointment booking, enabling Stored Cross-Site Scripting (XSS) attacks that trigger when an admin visits the Customers page...
WordPress Plugin Salon booking system security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
PT-2024-18824 · WordPress · Salon Booking System
Name of the Vulnerable Software and Affected Versions: The Salon booking system WordPress plugin versions prior to 9.6.3 Description: The issue arises from improper sanitization and escaping of the Mobile Phone field and sms prefix parameter when booking an appointment, allowing customers to...
PT-2024-18823 · WordPress · Salon Booking System
Name of the Vulnerable Software and Affected Versions: The Salon booking system WordPress plugin versions prior to 9.6.3 Description: The issue arises from improper sanitization and escaping of the Mobile Phone field when booking an appointment, allowing customers to conduct Stored Cross-Site...
Warehouse Management System cross-site scripting vulnerability
Warehouse Management System is a warehouse management system developed by Carlo Montero. A cross-site scripting vulnerability exists in Warehouse Management System version 1.0, which stems from the parameter namacustomer/alamatcustomer/notelpcustomer in the file customer.php and results in...
CVE-2023-5325
The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field on the checkout form leading to XSS...
PT-2023-32044 · WordPress · Woocommerce Vietnam Checkout
Name of the Vulnerable Software and Affected Versions: WooCommerce Vietnam Checkout WordPress plugin versions prior to 2.0.6 Description: The issue concerns the WooCommerce Vietnam Checkout WordPress plugin, where the custom shipping phone field on the checkout form is not properly escaped, leadi...
PT-2023-25230 · Unknown · Gz Scripts Ticket Booking Script
Name of the Vulnerable Software and Affected Versions: GZ Scripts Ticket Booking Script version 1.8 Description: A problematic issue has been found in the software, affecting some unknown functionality of the file /load.php. The manipulation of the arguments first name, second name, phone, addres...
CVE-2023-1354
A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file register.php. The manipulation of the argument...