3009 matches found

RedhatCVE
added 2025/05/21 6:29 p.m. | 4 views

CVE-2006-6534

Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selectedbox parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languagesdefinitions.php, o...

CVSS 4.3 | AI score 6 | EPSS 0.00396
Exploits 1 | References 1

OSV
added 2025/05/11 6:15 a.m. | 1 view

CVE-2025-4531

A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been rated as critical. Affected by this issue is the function postData of the file ROOT\WEB-INF\classes\com\ours\www\ehr\salary\service\data\EhrSalaryPayrollServiceImpl.class of the component Beetl Template...

CVSS 8.8 | AI score 5.6 | EPSS 0.00336
Exploits 0 | References 4

NVD
added 2025/05/11 6:15 a.m. | 15 views

CVE-2025-4531

A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been rated as critical. Affected by this issue is the function postData of the file ROOT\WEB-INF\classes\com\ours\www\ehr\salary\service\data\EhrSalaryPayrollServiceImpl.class of the component Beetl Template...

CVSS 8.8 | EPSS 0.00336
Exploits 0 | References 4

RedhatCVE
added 2025/04/30 2:44 p.m. | 5 views

CVE-2025-4022

A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical. This vulnerability affects the function HTMLContentEvaluator of the file webarena/evaluationharness/evaluators.py. The manipulation of the argument target"url" leads to code injection. The attack can ...

CVSS 8.8 | AI score 7.5 | EPSS 0.00181
Exploits 1 | References 1

Vulnrichment
added 2025/04/30 12:0 a.m. | 5 views

CVE-2025-45015

A Cross-Site Scripting (XSS) vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. The vulnerability allows remote attackers to inject arbitrary JavaScript code via the fromdate and todate parameters...

AI score 5.9 | EPSS 0.00181
Exploits 1 | References 1

NVD
added 2025/04/28 2:15 p.m. | 16 views

CVE-2025-4022

A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical. This vulnerability affects the function HTMLContentEvaluator of the file webarena/evaluationharness/evaluators.py. The manipulation of the argument target"url" leads to code injection. The attack can ...

CVSS 8.8 | EPSS 0.00181
Exploits 1 | References 5

OSV
added 2025/04/28 2:15 p.m. | 4 views

CVE-2025-4022

A vulnerability was found in web-arena-x webarena up to 0.2.0. It has been declared as critical. This vulnerability affects the function HTMLContentEvaluator of the file webarena/evaluationharness/evaluators.py. The manipulation of the argument target"url" leads to code injection. The attack can ...

CVSS 8.8 | AI score 7.4
Exploits 0 | References 5

NVD
added 2025/04/27 8:15 p.m. | 14 views

CVE-2025-3984

A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component...

CVSS 7.5 | EPSS 0.00164
Exploits 0 | References 4

RedhatCVE
added 2025/04/26 12:31 a.m. | 12 views

CVE-2025-3842

A vulnerability was found in panhainan DS-Java 1.0 and classified as critical. This issue affects the function uploadUserPic.action of the file src/com/phn/action/FileUpload.java. The manipulation of the argument fileUpload leads to code injection. The attack may be initiated remotely. The exploi...

CVSS 6.5 | AI score 7.6 | EPSS 0.00154
Exploits 1 | References 1

NVD
added 2025/04/21 9:15 p.m. | 3 views

CVE-2025-3842

A vulnerability was found in panhainan DS-Java 1.0 and classified as critical. This issue affects the function uploadUserPic.action of the file src/com/phn/action/FileUpload.java. The manipulation of the argument fileUpload leads to code injection. The attack may be initiated remotely. The exploi...

CVSS 9.8 | EPSS 0.00154
Exploits 1 | References 4

GitHub Security Blog
added 2025/04/21 3:31 p.m. | 19 views

OpenCMS Cross-Site Scripting vulnerability

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field...

CVSS 6.5 | AI score 6.5 | EPSS 0.00379
Exploits 1 | References 3 | Affected Software 1

Vulnrichment
added 2025/04/21 12:0 a.m. | 8 views

CVE-2024-42699

Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field...

AI score 6.3 | EPSS 0.00379
Exploits 1 | References 1

NVD
added 2025/04/18 1:15 a.m. | 14 views

CVE-2025-25427

A stored cross-site scripting (XSS) vulnerability in the upnp.htm page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 = Build 241230 Rel. 50788n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload...

CVSS 8.6 | EPSS 0.02243
Exploits 1 | References 4

NVD
added 2025/04/17 1:15 p.m. | 13 views

CVE-2025-3760

A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10...

CVSS 5.4 | EPSS 0.00157
Exploits 0 | References 1

NVD
added 2025/04/14 11:15 a.m. | 12 views

CVE-2025-3563

A vulnerability was found in WuzhiCMS 4.1. It has been rated as critical. Affected by this issue is the function Set of the file /index.php?m=attachment&f=index&su=wuzhicms&v=set&submit=1 of the component Setting Handler. The manipulation of the argument Setting leads to code injection. The attac...

CVSS 7.2 | EPSS 0.00175
Exploits 1 | References 4

CVE
added 2025/04/14 11:0 a.m. | 77 views

CVE-2025-3563

The CVE-2025-3563 entry concerns WuzhiCMS 4.1. The vulnerability exists in the Setting Handler’s Set function of the /index.php?m=attachment&f=index&_su=wuzhicms&v=set&submit=1 path, where manipulating the Setting argument enables code injection. Documentation states remote exploitation is possib...

CVSS 7.2 | AI score 7.4 | EPSS 0.00175
Exploits 1 | References 4 | Affected Software 1

RedhatCVE
added 2025/04/05 4:44 p.m. | 14 views

CVE-2025-3164

A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Handler. The manipulation leads to code...

CVSS 9.8 | AI score 7.8 | EPSS 0.00271
Exploits 1 | References 1

CVE
added 2025/04/03 3:31 p.m. | 51 views

CVE-2025-3164

Vulnerability details (CVE-2025-3164): Tencent Music Entertainment SuperSonic versions up to 0.9.8 contain a flaw in the H2 Database Connection Handler, specifically in the /api/semantic/database/testConnect function. The issue arises from the manipulation of an unknown functionality, leading to ...

CVSS 9.8 | AI score 7.7 | EPSS 0.00271
Exploits 1 | References 5 | Affected Software 1

Microsoft CVE
added 2025/03/27 7:0 a.m. | 3 views

Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname

...

CVSS 4.8 | AI score 6.6 | EPSS 0.00051
Exploits 0

BDU FSTEC
added 2025/03/27 12:0 a.m. | 2 views

The vulnerability of the htmlawed module in the GLPI system for job requests, incidents, and computer equipment inventory allows a hacker to inject arbitrary PHP code.

The vulnerability of the htmlawed module in the GLPI system for job requests, incidents, and computer equipment inventory management is related to incorrect code generation. Exploiting this vulnerability allows a malicious actor to inject arbitrary PHP code remotely...

CVSS 10 | AI score 8.3 | EPSS 0.94395
Exploits 13 | References 3 | Affected Software 2