11 matches found

EUVD
added 2026/05/21 5:9 p.m. · 3 views

EUVD-2026-31294

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dbloader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword,...

5.4 CVSS · 5.8 AI score · 0.00029 EPSS
Exploits 0 · References 3
Positive Technologies
added 2026/05/21 12:0 a.m. · 4 views

PT-2026-42495

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in delete module.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters module choice, flag, confirmation directly into...

5.4 CVSS · 5.8 AI score · 0.00029 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 0 views

EUVD-2023-57726

Malicious code in bioql PyPI...

4.3 CVSS · 6.2 AI score · 0.00111 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/05/23 8:14 a.m. · 2 views

CVE-2024-9647

The Kama SpamBlock plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST values in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

6.1 CVSS · 5.6 AI score · 0.01829 EPSS
Exploits 0 · References 1
CNNVD
added 2024/10/15 12:0 a.m. · 1 views

WordPress plugin Kama SpamBlock cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

6.1 CVSS · 6 AI score · 0.01829 EPSS
Exploits 0 · References 2
OSV
added 2023/07/31 10:15 a.m. · 0 views

CVE-2023-0602

The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative pages, which allows reflected XSS attacks targeting administrators to happen...

6.1 CVSS · 7.3 AI score
Exploits 0 · References 1
Prion
added 2023/07/31 10:15 a.m. · 12 views

Cross site scripting

The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative pages, which allows reflected XSS attacks targeting administrators to happen...

5.8 CVSS · 6.2 AI score · 0.07384 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2023/07/31 12:0 a.m. · 2 views

PT-2023-6376 · WordPress · Twittee Text Tweet Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: Twittee Text Tweet WordPress plugin versions 1.0.0 through 1.0.8 Description: The issue arises from the plugin's failure to properly escape POST values, which are then printed back to the user inside one of the plugin's administrative pages...

6.1 CVSS · 6.3 AI score · 0.07384 EPSS
Exploits 1 · References 8
NVD
added 2020/02/17 7:15 p.m. · 14 views

CVE-2015-4715

The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ at sign character in unspecified POS...

4.9 CVSS · 5.2 AI score · 0.01291 EPSS
Exploits 0 · References 4
Cvelist
added 2020/02/17 6:9 p.m. · 15 views

CVE-2015-4715

The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ at sign character in unspecified POS...

5.2 AI score · 0.01291 EPSS
Exploits 0 · References 4
Japan Vulnerability Notes
added 2016/06/24 12:0 a.m. · 20 views

JVN#47363774: WordPress plugin "Welcart e-Commerce" vulnerable to PHP object injection

WordPress plugin "Welcart e-Commerce" contains a PHP object injection vulnerability due to a flaw where untrusted POST values are unserialized. Impact: A remote attacker may execute arbitrary PHP code. Solution: Update the Software. Update to the latest version according to the information provided ...

6.8 CVSS · 5.9 AI score · 0.09545 EPSS
Exploits 0