uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online auctions and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the filter functions for the...

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by uBidAuction Company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleanup of the filter functions for the...

Drupal avatar_uploader 跨站脚本漏洞

Drupal avatarUploader is an extension developed by Drupal Corporation that provides website users with functionality for uploading and managing avatars. The Drupal avatarUploader 7.x-1.0-beta8 version contains a cross-site scripting vulnerability. This vulnerability stems from improper handling o...

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleaning of the filter functions for t...

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleanup of the filter functions for th...

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of the filter functions for the...

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the processing of JDBC connection URL parameters. An attacker can execute arbitrary code by supplying a crafted connection URL that causes the loading...

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' in the ToolExecutionMixin.executetool process. An attacker...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the fsNick cookie parameter, which is reflected into the HTML without proper sanitization. An attacker can execute arbitrary JavaScript code in the context of the user's browser by tricking a user with a val...

FacturaScripts vulnerable to Reflected Cross-Site Scripting (XSS) via Cookie Manipulation

Summary A Reflected Cross-Site Scripting XSS vulnerability exists in the fsNick cookie parameter. The application reflects the cookie's value directly into the HTML without sanitization. Details The fsNick cookie is rendered into the DOM without encoding. While the server does reject the modified...

Admidio 跨站脚本漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a cross-site scripting vulnerability. This vulnerability...

PT-2026-38612

Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to 2025.8 Description A Reflected Cross-Site Scripting XSS issue exists where the application reflects the value of the fsNick cookie directly into the HTML without proper sanitization or encoding. Although the...

WordPress plugin Bricks Builder 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Magento LTS: Reflected XSS - Import -> Data Flow (profiles)

A reflected XSS vulnerability was found under admin panel - System - Import/Export - Dataflow - Profiles. Steps to produce + Login to the admin panel + Go to the path System - Import/Export - Dataflow - Profiles + Select profile direction as Import. + Click on Import Customers + Upload the file...

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' via the condition process. An attacker can execute arbitrary commands on the server by injecting malicious...

PT-2026-38267

A reflected XSS vulnerability was found under admin panel - System - Import/Export - Dataflow - Profiles. Steps to produce + Login to the admin panel + Go to the path System - Import/Export - Dataflow - Profiles + Select profile direction as Import. + Click on Import Customers + Upload the file...

Exploit for Improper Authentication in Microsoft

CVE-2026-26128 !Examplehttps://github.com/jarnovandenbrink/...

Unsafe Reflection

Overview org.apache.opennlp:opennlp-tools is an is a machine learning based toolkit for the processing of natural language text. Affected versions of this package are vulnerable to Unsafe Reflection that leads to arbitrary class instantiation, via the instantiateExtension method in the...

Unsafe Reflection

Overview Affected versions of this package are vulnerable to Unsafe Reflection that leads to arbitrary class instantiation, via the instantiateExtension method in the ExtensionLoader class. An attacker can trigger the static initializer of any class present on the classpath by supplying a model...