232 matches found
CVE-2025-61224
Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'56.1 allows a remote attacker to execute arbitrary code via the q parameter...
DEBIAN-CVE-2025-61224
Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'56.1 allows a remote attacker to execute arbitrary code via the q parameter...
CVE-2025-61224
Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'56.1 allows a remote attacker to execute arbitrary code via the q parameter...
UBUNTU-CVE-2025-61224
Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'56.1 allows a remote attacker to execute arbitrary code via the q parameter...
CVE-2025-61224
Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'56.1 allows a remote attacker to execute arbitrary code via the q parameter...
PT-2025-40904
Name of the Vulnerable Software and Affected Versions DokuWiki version 2025-05-14a Description A Cross Site Scripting issue exists in DokuWiki. A remote attacker may be able to execute arbitrary code through the q parameter. The vulnerable component is 'Librarian' 56.1. Recommendations Update to ...
CVE-2025-61224
Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'56.1 allows a remote attacker to execute arbitrary code via the q parameter...
DokuWiki 安全漏洞
DokuWiki is an easy-to-use and versatile open source Wiki software from DokuWiki Open Source. A security vulnerability exists in DokuWiki version 2025-05-14a, which stems from an unvalidated q parameter that could lead to a cross-site scripting attack...
CVE-2025-61224
Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'56.1 allows a remote attacker to execute arbitrary code via the q parameter...
CVE-2025-61224
CVE-2025-61224 affects DokuWiki (Librarian component) with a reflected XSS in the q parameter in versions up to 2025-05-14a. The underlying issue is an unvalidated q parameter that allows a remote attacker to induce arbitrary code execution in the context of the victim’s browser or app, as descri...
EUVD-2025-28878
Malicious code in bioql PyPI...
EUVD-2025-22806
Malicious code in bioql PyPI...
PT-2025-37357
Name of the Vulnerable Software and Affected Versions: cdevroe unmark versions up to 1.9.3 Description: A flaw has been found in cdevroe unmark. This issue affects unknown code within the application/views/layouts/topbar/searchform.php file. Manipulation of the q parameter can lead to cross-site...
CVE-2025-40725 Reflected Cross-Site Scripting (XSS) in Azon Dominator
Reflected Cross-Site Scripting XSS vulnerability in Azon Dominator. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the “q” parameter in /search via GET. This vulnerability can be exploited to steal sensitive user data...
CVE-2025-40725 Reflected Cross-Site Scripting (XSS) in Azon Dominator
Reflected Cross-Site Scripting XSS vulnerability in Azon Dominator. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the “q” parameter in /search via GET. This vulnerability can be exploited to steal sensitive user data...
PT-2025-37012
Name of the Vulnerable Software and Affected Versions: Azon Dominator affected versions not specified Description: A reflected Cross-Site Scripting XSS vulnerability exists in Azon Dominator. An attacker can execute JavaScript code in a victim’s browser by sending a malicious URL containing...
CVE-2025-40642 Reflected Cross-Site Scripting (XSS) in WebWork
Reflected Cross-Site Scripting XSS vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the 'q' and 'engine' request parameters in /search...
Codester WebWork - PHP Search Engine Script 跨站脚本漏洞
Codester WebWork - PHP Search Engine Script is an open source search engine script from Codester. A cross-site scripting vulnerability exists in Codester WebWork - PHP Search Engine Script, which stems from the fact that incorrect manipulation of the parameters q and engine can lead to reflective...
CVE-2025-50985
diskover-web v2.3.0 Community Edition is vulnerable to multiple reflected cross-site scripting XSS flaws in its web interface. Unsanitized GET parameters including maxage, maxindex, index, path, q query, and doctype are directly echoed into the HTML response, allowing attackers to inject and...
CVE-2025-9689
A vulnerability was detected in SourceCodester Advanced School Management System 1.0. The impacted element is an unknown function of the file /index.php/stock/itemselect. The manipulation of the argument q results in sql injection. It is possible to launch the attack remotely. The exploit is now...