19 matches found
Code-Projects Traffic Offense Reporting System Security Vulnerability
Traffic Offense Reporting System is a traffic violation reporting system. Traffic Offense Reporting System has a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the saveuser.php file parameters...
WordPress Parallax Image plugin <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via position Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via position Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Parallax Image versions <= 1.9...
PT-2024-31260 · Pi Camera · Pi Camera
Name of the Vulnerable Software and Affected Versions: Pi Camera project version 1.0. Description: A remote code execution (RCE) vulnerability exists due to improper sanitization of user input passed to the position GET parameter in the tilt.php script. An attacker can exploit this by sending crafte...
SourceCodester Online Graduate Tracer System Cross-Site Scripting Vulnerability
SourceCodester Online Graduate Tracer System is a web-based application project developed by SourceCodester using PHP and MySQL database. Its main purpose is to provide a platform for a school to track their alumni and generate graphical reports on alumni status. A cross-site scripting...
PT-2024-37993 · Sourcecodester · Sourcecodester Record Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Record Management System version 1.0 Description: A vulnerability was found in the SourceCodester Record Management System, affecting an unknown functionality of the file sort1.php. The manipulation of the position argument lea...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via drilldown/CargoAppliedFilter.php. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious input into the artist, album, or position parameters on the...
MediaWiki Cargo Extension Cross-site Scripting vulnerability
An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php...
PT-2024-2677 · Mediawiki +2 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.14 MediaWiki versions 1.36.x through 1.39.x before 1.39.6 MediaWiki versions 1.40.x before 1.40.2 Description: An issue in the Cargo extension of MediaWiki allows for XSS attacks via the artist, album, and...
RELIC Input Validation Error Vulnerability
RELIC is a modern research cryptography meta-toolkit open-sourced by relic-toolkit that emphasizes efficiency and flexibility. A security vulnerability exists in versions of RELIC before 421f2e91cf2ba42473d4d54daf24e295679e290e, originating from a vulnerability that allows an attacker to...
PT-2022-22465 · Sourcecodester · Sourcecodester Human Resource Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Human Resource Management System version 1.0 Description: A vulnerability was found in the Master List component, where the manipulation of the city, state, country, or position argument leads to cross-site scripting. This issu...
Human Resource Management System Cross-Site Scripting Vulnerability
Human Resource Management System is a human resource management system by maverickosama Personal Developer. A cross-site scripting vulnerability exists in Human Resource Management System version 1.0, which is caused by incorrect manipulation of the parameters city/state/country/position...
CVE-2021-38357
The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the /sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1...
Cross site scripting
The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the /sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1...
CVE-2021-38357 SMS OVH <= 0.1 Reflected Cross-Site Scripting
The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the /sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
SMS OVH <= 0.1 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the /sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts...
Guangzhou Redfan Technology Co., Ltd OA Information Management Platform Residual Page XSS Vulnerability
iOffice.net is the information management platform developed by Redfan Technology based on the latest technology of Microsoft. An XSS vulnerability exists in a residual page of the Guangzhou Redfan Technology Co., Ltd OA information management platform; an attacker can use the vulnerability to inse...
CVE-2018-19564
Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters ikcfclient and ikcfposition and ikcfother have Cross-Site Scripting...
CVE-2006-1849
Multiple SQL injection vulnerabilities in membersonly/index.cgi in xFlow 5.46.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) position and (2) id parameter...