CVE-2024-41514

A reflected cross-site scripting XSS vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter...

CVE-2024-41613

A Cross Site Scripting XSS vulnerability in Symphony CMS 2.7.10 allows remote attackers to inject arbitrary web script or HTML by editing note...

CVE-2024-1705

A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely...

CVE-2024-10505

A vulnerability was found in wuzhicms 4.1.0. It has been classified as critical. Affected is the function add/edit of the file www/coreframe/app/content/admin/block.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...

CVE-2024-10073

A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The...

CVE-2024-9006

A vulnerability was found in jeanmarc77 123solar 1.8.4.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file config/configinvt1.php. The manipulation of the argument PASSOx leads to code injection. The attack may be launched remotely. The exploit has...

CVE-2024-54451

A cross-site scripting XSS vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers authenticated as system administrators to inject arbitrary web script or HTML via the...

CVE-2024-12952

A vulnerability classified as critical was found in melMass comfymtb up to 0.1.4. Affected by this vulnerability is the function runcommand of the file comfymtb/endpoint.py of the component Dependency Handler. The manipulation leads to code injection. The attack can be launched remotely. The...

CVE-2024-6946

A vulnerability was found in Flute CMS 0.2.2.4-alpha. It has been declared as critical. This vulnerability affects unknown code of the file /admin/pages/list. The manipulation of the argument blocks leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to t...

CVE-2024-6936

A vulnerability, which was classified as problematic, has been found in formtools.org Form Tools 3.1.1. This issue affects some unknown processing of the file /admin/settings/index.php?page=accounts of the component Setting Handler. The manipulation of the argument Page Theme leads to code...

CVE-2024-8880

A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main=coreauth=forgot=forgot of the component Template Handler. The manipulation of the argument username/email/captcha leads to code...

CVE-2024-51941

A remote code injection vulnerability exists in the Ambari Metrics and AMS Alerts feature, allowing authenticated users to inject and execute arbitrary code. The vulnerability occurs when processing alert definitions, where malicious input can be injected into the alert script execution path. An...

CVE-2024-50387

A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and later SMB Service...

CVE-2024-12900

A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attac...

CVE-2024-51328

Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows remote attacker to inject arbitrary code via the t2 parameter...

CVE-2023-42498

Reflected cross-site scripting XSS vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the...

CVE-2023-42496

Reflected cross-site scripting XSS vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the...

CVE-2023-48858

A Cross-site scripting XSS vulnerability in login page php code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part...

CVE-2023-41158

A Stored Cross-Site Scripting XSS vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while creating a new MIME type program...

CVE-2023-41163

A Reflected Cross-site scripting XSS vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down...