12 matches found
CVE-2026-33135
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the novomemorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without...
CVE-2026-33136
WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the listarmemorandosativos.php endpoint. An attacker can inject arbitrary JavaScript or HTML tags into the sccd GET parameter, which is then directly echoed into...
CVE-2019-20221
In Support Incident Tracker SiT! 3.67, Load Plugins input in the config.php page is affected by XSS. The XSS payload is, for example, executed on the about.php page...
CVE-2019-20220
In Support Incident Tracker SiT! 3.67, the searchid parameter in the searchincidentsadvanced.php page is affected by XSS...
PT-2025-46815
Name of the Vulnerable Software and Affected Versions WebToffee Order Export & Order Import for WooCommerce versions through 2.6.7 Description The software contains a flaw related to incorrectly configured access control, allowing for unauthorized access. The issue impacts the Order Export & Orde...
CVE-2025-7526
The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to arbitrary file deletion via renaming due to insufficient file path validation in the setuserprofileimage function in all versions up to, and including, 6.6.7. This makes it possible for...
WordPress WP Date and Time Shortcode plugin <= 2.6.7 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Peter Thaleikis in WordPress Plugin WP Date and Time Shortcode versions = 2.6.7...
WordPress DirectoryPress plugin <= 3.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin DirectoryPress versions = 3.6.7...
CVE-2023-45049
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Ciprian Popescu YouTube Playlist Player plugin = 4.6.7 versions...
DEBIAN-CVE-2022-43272
DCMTK v3.6.7 was discovered to contain a memory leak via the TASCAssociation object...
PT-2021-7872 · Offis +5 · Dcmtk +5
Name of the Vulnerable Software and Affected Versions: OFFIS DCMTK versions prior to 3.6.7 Description: The issue is related to a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition. This vulnerability is associated with errors in...
CVE-2019-20223
In Support Incident Tracker SiT! 3.67, the id parameter is affected by XSS on all endpoints that use this parameter, a related issue to CVE-2012-2235...