18 matches found

Positive Technologies
added 2026/03/27 12:0 a.m. · 2 views

PT-2026-28698

Name of the Vulnerable Software and Affected Versions SourceCodester Online Quiz System version 1.0 Description A flaw exists in SourceCodester Online Quiz System that allows for cross site scripting. This issue is related to the manipulation of the quiz question argument within the...

5.1 CVSS · 4.7 AI score · 0.00014 EPSS
Exploits 0 · References 7
RedhatCVE
added 2026/03/26 3:8 p.m. · 0 views

CVE-2026-2412

The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'merged_question' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitize_text_field function...

6.5 CVSS · 5.9 AI score · 0.00015 EPSS
Exploits 0 · References 1
Patchstack
added 2026/03/24 4:49 p.m. · 3 views

WordPress Quiz and Survey Master (QSM) plugin <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter vulnerability

Authenticated Contributor+ SQL Injection via 'merged_question' Parameter vulnerability discovered by d.v4ns3c in WordPress Plugin Quiz And Survey Master versions <= 10.3.5...

6.5 CVSS · 5.9 AI score · 0.00015 EPSS
Exploits 0 · References 1 · Affected Software 1
EUVD
added 2025/11/18 12:30 p.m. · 5 views

EUVD-2025-197974

A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the argument Question results in cross site scripting. It is possible to launch the attack remotely. The exploit has been...

5.1 CVSS · 5.2 AI score · 0.00027 EPSS
Exploits 1 · References 6
OSV
added 2025/11/18 12:15 p.m. · 0 views

CVE-2025-13343

A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the argument Question results in cross site scripting. It is possible to launch the attack remotely. The exploit has been...

5.4 CVSS · 4.3 AI score
Exploits 0 · References 5
NVD
added 2025/11/18 12:15 p.m. · 2 views

CVE-2025-13343

A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the argument Question results in cross site scripting. It is possible to launch the attack remotely. The exploit has been...

5.4 CVSS · 0.00027 EPSS
Exploits 1 · References 5
Positive Technologies
added 2025/11/18 12:0 a.m. · 2 views

PT-2025-47297

Name of the Vulnerable Software and Affected Versions SourceCodester Interview Management System version 1.0 Description A security flaw exists in SourceCodester Interview Management System 1.0. The manipulation of the Question argument in the file /editQuestion.php can lead to cross site...

5.1 CVSS · 5.7 AI score · 0.00027 EPSS
Exploits 1 · References 8
CNNVD
added 2025/11/18 12:0 a.m. · 1 views

SourceCodester Interview Management System code injection vulnerability

SourceCodester Interview Management System is a SourceCodester open source interview management system. A code injection vulnerability exists in version 1.0 of the SourceCodester Interview Management System, which stems from an incorrect manipulation of the parameter Question in the file...

5.4 CVSS · 4.7 AI score · 0.00027 EPSS
Exploits 1 · References 6
OSV
added 2025/02/19 8:15 a.m. · 0 views

CVE-2024-13711

The Pollin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

6.1 CVSS · 7.4 AI score
Exploits 0 · References 2
OSV
added 2025/02/19 8:15 a.m. · 1 views

CVE-2024-13712

The Pollin plugin for WordPress is vulnerable to SQL Injection via the 'question' parameter in all versions up to, and including, 1.01.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4.9 CVSS · 7.3 AI score
Exploits 0 · References 2
NVD
added 2023/12/20 10:15 a.m. · 7 views

CVE-2023-6769

Stored XSS vulnerability in Amazing Little Poll, affecting versions 1.3 and 1.4. This vulnerability allows a remote attacker to store a malicious JavaScript payload in the "lpadmin.php" file in the "question" and "item" parameters. This vulnerability could lead to malicious JavaScript execution...

6.5 CVSS · 0.00155 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/12/13 12:0 a.m. · 2 views

PT-2023-32770 · Unknown · Amazing Little Poll

Name of the Vulnerable Software and Affected Versions: Amazing Little Poll versions 1.3 through 1.4 Description: The issue is a Stored XSS vulnerability that allows a remote attacker to store a malicious JavaScript payload in the "lp admin.php" file using the question and item parameters. This...

6.5 CVSS · 4.5 AI score · 0.00155 EPSS
Exploits 0 · References 6
WPVulnDB
added 2022/11/29 12:0 a.m. · 21 views

Quiz and Survey Master < 8.0.5 - Improper Input Validation

The plugin does not properly validate the questionid parameter, which could allow attackers to send values other than the expected type...

5.3 CVSS · 5 AI score · 0.00368 EPSS
Exploits 0 · Affected Software 1
VulnCheck KEV
added 2022/08/19 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2021-24762

The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the questionid GET parameter before using it in a SQL statement in the getquestion AJAX action, allowing unauthenticated users to perform SQL injection...

9.8 CVSS · 7.3 AI score · 0.85675 EPSS
Exploits 7 · References 1
Cvelist
added 2017/12/13 9:0 a.m. · 11 views

CVE-2017-17590

FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter...

10 AI score · 0.00543 EPSS
Exploits 1 · References 2
0day.today
added 2012/11/16 12:0 a.m. · 39 views

friendsinwar FAQ Manager (view_faq.php, question param) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: friendsinwar FAQ Manager SQL Injection URL Vulnerability Date: 16.11 2012 Exploit Author: unsuprise Vendor Homepage: http://www.friendsinwar.com Software Link:http://www.friendsinwar.com/scriptdemo/thefaqmanager/ Tested on:...

7.1 AI score
Exploits 0
NVD
added 2006/03/28 8:2 p.m. · 9 views

CVE-2006-1416

Cross-site scripting XSS vulnerability in afmsearch.aspx in Absolute FAQ Manager .NET 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the question parameter...

4.3 CVSS · 5.9 AI score · 0.00527 EPSS
Exploits 0 · References 6
Cvelist
added 2006/03/28 8:0 p.m. · 15 views

CVE-2006-1416

Cross-site scripting XSS vulnerability in afmsearch.aspx in Absolute FAQ Manager .NET 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the question parameter...

5.9 AI score · 0.00527 EPSS
Exploits 0 · References 6