608 matches found
CVE-2026-36388
A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...
CVE-2026-48597
creationtimestamp| type| source ---|---|--- 2026-06-02 20:46:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mndhnkma2l2j...
CVE-2026-7312
creationtimestamp| type| source ---|---|--- 2026-06-02 18:01:35+00:00| seen| https://bsky.app/profile/hugovalters.bsky.social/post/3mnd6h2hiip2w 2026-06-03 02:00:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mndz7plsio22 2026-06-04 14:37:07+00:00| seen|...
CVE-2018-25382
Zechat 1.5 contains an SQL injection in the uname parameter that allows unauthenticated attackers to extract database information by injecting SQL through profile.php. The described payloads use UNION-based injections to enumerate table names, column names, and sensitive data from information_sch...
PT-2026-44860
Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...
CVE-2024-47097
creationtimestamp| type| source ---|---|--- 2026-05-28 11:58:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmvxsm7e2o2e...
CVE-2026-42197
RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...
EUVD-2026-32627
RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...
CVE-2026-42197 RELATE Vulnerable to Stored XSS via Unprivileged User Profile
RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...
PT-2026-44073
RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...
CVE-2018-25343
Technical details for CVE-2018-25343 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-45228
creationtimestamp| type| source ---|---|--- 2026-05-14 01:10:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlrn4aysf72e...
Liberapay: Liberapay member team twitter account broken Link Hijacking via Expired Twitter Account Link
The profile of a Liberapay team member contained a link to an expired Twitter account, creating a broken link hijacking vulnerability. The expired Twitter account link was displayed on the member's Liberapay profile and donation page, falsely confirming to donors that the account was legitimate a...
EUVD-2026-28392
A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...
CVE-2026-36388
A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...
PHPGurukul Hospital Management System 跨站脚本漏洞
PHPGurukul Hospital Management System is a hospital management system developed by PHPGurukul company, based on PHP and MySQL technologies. The PHPGurukul Hospital Management System v4.0 version has a cross-site scripting vulnerability. This vulnerability stems from the...
CVE-2026-36388
A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...
PT-2026-38450
A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...
CVE-2026-36388
A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...
CVE-2026-36388
A Cross-Site Scripting XSS vulnerability was found in PHPGurukal Hospital Management System v4.0 in the /hospital/hms/edit-profile.php page. This flaw allows an authenticated attacker patient to inject a malicious script payload into the User Name parameter, which is stored in the application and...