
42 matches found

RedhatCVE
added 2026/03/26 3:08 p.m. | 2 views

CVE-2026-33303

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped portal_login_username in the portal credential print view. A patient portal user can set their login...

CVSS 5.4 | AI score 5.6 | EPSS 0.00239
Exploits: 1 | References: 1

EUVD
added 2026/03/24 12:30 p.m. | 5 views

EUVD-2019-20020

Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information...

CVSS 8.8 | AI score 6 | EPSS 0.00334
Exploits: 0 | References: 4

NVD
added 2026/03/24 12:16 p.m. | 4 views

CVE-2019-25640

Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information...

CVSS 8.8 | EPSS 0.00334
Exploits: 0 | References: 3

CVE
added 2026/03/24 11:27 a.m. | 5 views

CVE-2019-25640

Inout Article Base CMS is affected by SQL injection via portalLogin.php. The flaw allows unauthenticated attackers to manipulate queries through the p and u parameters, with XOR-based payloads in GET requests used to inject SQL, potentially extracting sensitive data or causing time-based DoS. Aff...

CVSS 8.8 | AI score 6 | EPSS 0.00334
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/24 11:27 a.m. | 1 view

CVE-2019-25640

Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information...

CVSS 8.8 | AI score 6 | EPSS 0.00334
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/24 12:00 a.m. | 3 views

PT-2026-27374

Name of the Vulnerable Software and Affected Versions Inout Article Base CMS affected versions not specified Description Unauthenticated attackers can manipulate database queries using SQL injection. By sending GET requests to the 'portalLogin.php' endpoint, attackers can inject SQL code via...

CVSS 8.8 | AI score 5.9 | EPSS 0.00334
Exploits: 0 | References: 5

CNNVD
added 2026/03/24 12:00 a.m. | 5 views

Nesote Inout Article Base CMS SQL injection vulnerability

Nesote Inout Article Base CMS is a content management system developed by the Indian company Nesote, designed for building article publishing and content management websites. The Inout Article Base CMS has a SQL injection vulnerability. This vulnerability stems from SQL injection attacks, allowin...

CVSS 8.8 | AI score 5.9 | EPSS 0.00334
Exploits: 0 | References: 3

NVD
added 2026/03/19 9:17 p.m. | 2 views

CVE-2026-33303

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped portal_login_username in the portal credential print view. A patient portal user can set their login...

CVSS 5.4 | EPSS 0.00239
Exploits: 1 | References: 2

Vulnrichment
added 2026/03/19 8:25 p.m. | 3 views

CVE-2026-33303 OpenEMR Vulnerable to Stored XSS via Unescaped portal_login_username in Credential Print View

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped portal_login_username in the portal credential print view. A patient portal user can set their login...

CVSS 5.4 | AI score 5.6 | EPSS 0.00239
Exploits: 1 | References: 2

Cvelist
added 2026/03/19 8:25 p.m. | 17 views

CVE-2026-33303 OpenEMR Vulnerable to Stored XSS via Unescaped portal_login_username in Credential Print View

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped portal_login_username in the portal credential print view. A patient portal user can set their login...

CVSS 5.4 | EPSS 0.00239
Exploits: 1 | References: 2

EUVD
added 2026/03/19 8:25 p.m. | 4 views

EUVD-2026-13223

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped portal_login_username in the portal credential print view. A patient portal user can set their login...

CVSS 5.4 | AI score 5.6 | EPSS 0.00239
Exploits: 1 | References: 2

CVE
added 2026/03/19 8:25 p.m. | 6 views

CVE-2026-33303

CVE-2026-33303 affects OpenEMR prior to 8.0.0.2. A stored XSS vulnerability exists in the portal credential print view where an unescaped patient portal username (portal_login_username) can be injected by a patient, executing in a clinic staff member’s browser when accessing the "Create Portal Lo...

CVSS 5.4 | AI score 5.6 | EPSS 0.00239
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/03/19 8:25 p.m. | 3 views

CVE-2026-33303 OpenEMR Vulnerable to Stored XSS via Unescaped portal_login_username in Credential Print View

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped portal_login_username in the portal credential print view. A patient portal user can set their login...

CVSS 5.4 | AI score 5.8 | EPSS 0.00239
Exploits: 1 | References: 4

Positive Technologies
added 2026/03/19 12:00 a.m. | 4 views

PT-2026-26345

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting XSS via unescaped portal login username in the portal credential print view. A patient portal user can set their login...

CVSS 5.4 | AI score 5.6 | EPSS 0.00239
Exploits: 1 | References: 6

CNNVD
added 2026/03/19 12:00 a.m. | 5 views

OpenEMR cross-site scripting vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.2 contained a cross-site...

CVSS 5.4 | AI score 5.6 | EPSS 0.00239
Exploits: 1 | References: 2

EUVD
added 2025/11/27 3:31 p.m. | 5 views

EUVD-2025-199825

Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to shell command injection attacks. In order to exploit this vulnerability, an attacker has to log in to the router's administrative portal, which by default is reachable only via LAN ports...

CVSS 9.3 | AI score 7 | EPSS 0.00852
Exploits: 0 | References: 2

RedhatCVE
added 2025/11/10 12:22 p.m. | 7 views

CVE-2025-12916

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portallogin of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. T...

CVSS 9.8 | AI score 6.9 | EPSS 0.04598
Exploits: 1 | References: 1

EUVD
added 2025/11/09 12:30 a.m. | 5 views

EUVD-2025-38438

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portallogin of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. T...

CVSS 6.5 | AI score 6.4 | EPSS 0.04598
Exploits: 1 | References: 5

OSV
added 2025/11/09 12:15 a.m. | 1 view

CVE-2025-12916

A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portallogin of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. T...

CVSS 9.8 | AI score 5.5 | EPSS 0.04598
Exploits: 1 | References: 4

CNNVD
added 2025/11/09 12:00 a.m. | 4 views

Sangfor Operation and Maintenance Security command injection vulnerability

Sangfor Operation and Maintenance Security is an operation and maintenance security management system from China's Sangfor. A command injection vulnerability exists in Sangfor Operation and Maintenance Security version 3.0, which stems from an incorrect manipulation of the parameter loginUrl in t...

CVSS 9.8 | AI score 6.8 | EPSS 0.04598
Exploits: 1 | References: 5