Lucene search

28676 matches found

Vulnrichment
added 2025/11/20 1:32 p.m. | 7 views

CVE-2025-13469 Public Knowledge Project omp/ojs Payment Instructions Setting paymentForm.tpl cross site scripting

A security vulnerability has been detected in Public Knowledge Project omp and ojs 3.3.0/3.4.0/3.5.0. Impacted is an unknown function of the file plugins/paymethod/manual/templates/paymentForm.tpl of the component Payment Instructions Setting Handler. The manipulation of the argument...

4.8 CVSS | 5.4 AI score | 0.00218 EPSS
Exploits 0 | References 6

CVE
added 2025/11/20 1:32 p.m. | 18 views

CVE-2025-13469

CVE-2025-13469 affects Public Knowledge Project platforms PKP OJS/OMP/Ops (versions 3.3.0/3.4.0/3.5.0) where an attacker can trigger a cross-site scripting (XSS) by manipulating the argument manualInstructions in the file plugins/paymethod/manual/templates/paymentForm.tpl under the Payment Instru...

4.8 CVSS | 3.2 AI score | 0.00218 EPSS
Exploits 0 | References 6

OSV
added 2025/11/20 9:5 a.m. | 4 views

BIT-GITLAB-2025-7736 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.9 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to bypass access control restrictions and view GitLab Pages content intended only for project members by...

4.3 CVSS | 6.7 AI score | 0.00242 EPSS
Exploits 0 | References 4

CVE
added 2025/11/20 3:2 a.m. | 13 views

CVE-2025-13451

Summary: CVE-2025-13451 affects SourceCodester Online Shop Project 1.0. The vulnerability is an SQL injection in an unknown function within the file /action.php, triggered by manipulation of the Search argument. The issue can be exploited remotely and the exploit appears to be publicly available....

9.8 CVSS | 7.3 AI score | 0.00351 EPSS
Exploits 1 | References 5 | Affected Software 1

Vulnrichment
added 2025/11/20 3:2 a.m. | 3 views

CVE-2025-13450 SourceCodester Online Shop Project register.php cross site scripting

A vulnerability was determined in SourceCodester Online Shop Project 1.0. Impacted is an unknown function of the file /shop/register.php. This manipulation of the argument fname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed an...

5.1 CVSS | 5.5 AI score | 0.002 EPSS
Exploits 1 | References 5

CVE
added 2025/11/20 3:2 a.m. | 11 views

CVE-2025-13450

CVE-2025-13450 affects SourceCodester Online Shop Project 1.0. A vulnerability in the file /shop/register.php, via manipulation of the f_name argument, enables cross-site scripting. The flaw can be triggered remotely, and the exploit has been publicly disclosed. Several feeds (NVD, Red Hat, CVE l...

5.4 CVSS | 3.8 AI score | 0.002 EPSS
Exploits 1 | References 5 | Affected Software 1

EUVD
added 2025/11/20 2:32 a.m. | 3 views

EUVD-2025-198251

A vulnerability was found in code-projects Online Shop Project 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument Password results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

7.5 CVSS | 6.4 AI score | 0.00351 EPSS
Exploits 1 | References 6

RedhatCVE
added 2025/11/20 12:21 a.m. | 12 views

CVE-2025-63879

A reflected cross-site scripted XSS vulnerability in the /ecommerce/products.php component of E-commerce Project v1.0 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the id parameter...

6.1 CVSS | 6.6 AI score | 0.00199 EPSS
Exploits 1 | References 1

CNNVD
added 2025/11/20 12:0 a.m. | 3 views

Public Knowledge Project Platform OJS/OMP/OPS code injection vulnerability

Public Knowledge Project Platform OJS/OMP/OPS PKP Platform OJS/OMP/OPS is an open source publishing platform from Public Knowledge Project, Inc. A code injection vulnerability exists in Public Knowledge Project Platform OJS/OMP/OPS, which stems from an incorrect manipulation of parameter...

4.8 CVSS | 4.2 AI score | 0.00218 EPSS
Exploits 0 | References 6

Cvelist
added 2025/11/19 4:41 p.m. | 10 views

CVE-2025-12743 SQL Injection in Looker Project Generation Endpoint Allows Access to Internal MySQL Database

The Looker endpoint for generating new projects from database connections allows users to specify "looker" as a connection name, which is a reserved internal name for Looker's internal MySQL database. The schemas parameter is vulnerable to SQL injection, enabling attackers to manipulate SELECT...

6 CVSS | 0.0024 EPSS
Exploits 0 | References 2

CVE
added 2025/11/19 4:41 p.m. | 12 views

CVE-2025-12743

CVE-2025-12743 affects Looker: the project-generation endpoint (creating new projects from database connections) accepts a reserved internal name "looker" and the schemas parameter is vulnerable to SQL injection. This allows users with developer permissions to manipulate SELECT queries against Lo...

6 CVSS | 7 AI score | 0.0024 EPSS
Exploits 0 | References 2

OSV
added 2025/11/19 4:15 p.m. | 3 views

CVE-2025-63879

A reflected cross-site scripted XSS vulnerability in the /ecommerce/products.php component of E-commerce Project v1.0 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the id parameter...

6.1 CVSS | 5.9 AI score | 0.00199 EPSS
Exploits 1 | References 2

NVD
added 2025/11/19 4:15 p.m. | 3 views

CVE-2025-63879

A reflected cross-site scripted XSS vulnerability in the /ecommerce/products.php component of E-commerce Project v1.0 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the id parameter...

6.1 CVSS | 0.00199 EPSS
Exploits 1 | References 2

Positive Technologies
added 2025/11/19 12:0 a.m. | 2 views

PT-2025-47472

A reflected cross-site scripted XSS vulnerability in the /ecommerce/products.php component of E-commerce Project v1.0 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the id parameter...

6.1 CVSS | 6.6 AI score | 0.00199 EPSS
Exploits 1 | References 3

CNNVD
added 2025/11/19 12:0 a.m. | 1 views

PHP-ECOMMERCE-PROJECT security vulnerability

PHP-ECOMMERCE-PROJECT is an e-commerce website by the individual developer MD RAHATUL RABBI. A security vulnerability exists in PHP-ECOMMERCE-PROJECT v1.0 and earlier versions, which originates from a reflected cross-site scripting in the id parameter of the /ecommerce/products.php component, whi...

6.1 CVSS | 6.2 AI score | 0.00199 EPSS
Exploits 1 | References 3

CVE
added 2025/11/19 12:0 a.m. | 8 views

CVE-2025-63878

The CVE-2025-63878 entry concerns Github Restaurant Website Restoran v1.0 with a SQL injection vulnerability exposed through the Contact Form page. The connected documents reiterate the same description and provide no concrete technical specifics beyond the vulnerability class (SQLi) and page vec...

6.5 CVSS | 8 AI score | 0.0021 EPSS
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2025/11/19 12:0 a.m. | 2 views

CVE-2025-63879

A reflected cross-site scripted XSS vulnerability in the /ecommerce/products.php component of E-commerce Project v1.0 and earlier allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into the id parameter...

6.2 AI score | 0.00199 EPSS
Exploits 1 | References 2

CVE
added 2025/11/19 12:0 a.m. | 6 views

CVE-2025-63879

CVE-2025-63879 affects the E-commerce Project (software) in versions v1.0 and earlier, specifically the /ecommerce/products.php component. The issue is a reflected XSS vulnerability triggered by injecting a payload into the id parameter, allowing arbitrary Javascript to run in a user’s browser. T...

6.1 CVSS | 6.2 AI score | 0.00199 EPSS
Exploits 1 | References 2 | Affected Software 1

EUVD
added 2025/11/18 9:30 a.m. | 2 views

EUVD-2025-197934

The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the printAdminPage function. This makes it possible for unauthenticated attackers to update setting...

6.1 CVSS | 4.9 AI score | 0.00124 EPSS
Exploits 0 | References 5

NVD
added 2025/11/18 9:15 a.m. | 6 views

CVE-2025-12406

The Project Honey Pot Spam Trap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the printAdminPage function. This makes it possible for unauthenticated attackers to update setting...

6.1 CVSS | 0.00124 EPSS
Exploits 0 | References 4