CVE-2019-25751

CVE-2019-25751 affects Joomla’s J-ClassifiedsManager component, version 3.0.5. The vulnerability is an SQL injection in the displayads flow that does not require authentication. An attacker can inject malicious SQL through POST parameters, specifically categorySearch, adType, and citySearch, to e...

CVE-2019-25751 Joomla J-ClassifiedsManager 3.0.5 SQL Injection

Joomla Component J-ClassifiedsManager 3.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the categorySearch, adType, and citySearch...

CVE-2026-45090

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...

CVE-2026-48237

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frmticketid and frmrespid POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to...

CVE-2026-48230

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdbimport.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...

CVE-2026-48218

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in icons/buttons/landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmname and frmid POST parameters directly into rendered HTML content a...

CVE-2026-48217

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in deletemodule.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters modulechoice, flag, confirmation directly into render...

CVE-2026-48216

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dbloader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword,...

EUVD-2026-31317

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frmticketid and frmrespid POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to...

CVE-2026-48236 Open ISES Tickets < 3.44.2 SQL Injection via db_loader.php Multiple Parameters

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in dbloader.php where the multiple POST parameters ticketsdb, ticketshost, ticketsuser, ticketspassword are concatenated into mysqli connection arguments and dynamic SQL operating against an attacker-controlled database withou...

CVE-2026-48230 Open ISES Tickets < 3.44.2 Reflected XSS via ticketsmdb_import.php Multiple POST Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdbimport.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...

CVE-2026-48230

Open ISES Tickets before 3.44.2 is affected by a reflected XSS in ticketsmdb_import.php. An authenticated attacker can inject arbitrary JavaScript by passing unsanitized values through multiple POST parameters (mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix, ticketshost, ticketsdb, ticketsuser, ...

EUVD-2026-31312

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdbimport.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...

EUVD-2026-31308

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in oswatch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ref and modeorig POST parameters directly into HTML form hidden input value...

CVE-2026-48218

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in icons/buttons/landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmname and frmid POST parameters directly into rendered HTML content a...

CVE-2026-48218 Open ISES Tickets < 3.44.2 Reflected XSS via icons/buttons/landb.php frm_name and frm_id Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in icons/buttons/landb.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmname and frmid POST parameters directly into rendered HTML content a...

EUVD-2026-31300

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in deletemodule.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters modulechoice, flag, confirmation directly into render...

CVE-2026-48217 Open ISES Tickets < 3.44.2 Reflected XSS via delete_module.php Multiple POST Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in deletemodule.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters modulechoice, flag, confirmation directly into render...

CVE-2026-48217

Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in delete_module.php. The vulnerability allows an authenticated attacker to inject arbitrary JavaScript by passing unsanitized values through POST parameters module_choice, flag, and confirmation, which are then rendered into HTML c...

CVE-2026-48216

Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in db_loader.php. An authenticated attacker can inject arbitrary JavaScript by sending unsanitized values through the POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword, ticketsprefix, and db_schema, which are then...