CVE-2024-3088
A vulnerability, which was classified as critical, was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. This affects an unknown part of the file /admin/forgot-password.php of the component Forgot Password Page. The manipulation of the argument username leads to SQL injection. It is...
CVE-2024-2938
A vulnerability was found in Campcodes Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /adminpanel/admin/faceboxmodal/updateCourse.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated...
PT-2024-23290 · WordPress · Tomas WordPress Tooltips
Name of the Vulnerable Software and Affected Versions: Tomas WordPress Tooltips versions prior to 9.4.5. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential remote attacks...
Advantech WebAccess/SCADA SQL Injection Vulnerability
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation devices. A SQL injection vulnerability exists in Advantech...
CVE-2024-2672
A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/user/controller.php. The manipulation of the argument UESRID leads to SQL injection. The attack may be launched remotely. The...
CVE-2023-45597
A CWE-1236 “Improper Neutralization of Formula Elements in a CSV File” vulnerability in the “fileconfiguration” functionality of the web application concerning the function “exportfile” allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue...
CVE-2024-2064
A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected by this vulnerability is the function getCacheNames of the file CacheController.java of the component Template Handler. The manipulation of the argument fragment leads to injection. The attack can be...
CVE-2024-2064
The CVE-2024-2064 vulnerability affects rahman SelectCours 1.0, specifically the Template Handler’s CacheController.java:getCacheNames. The issue stems from injecting/manipulating an argument fragment, enabling injection. It can be exploited remotely and public exploit details exist (VDB-255379)....
CVE-2023-7106
A vulnerability was found in code-projects E-Commerce Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file productdetails.php?prodid=11. The manipulation of the argument prodid leads to SQL injection. The attack can be launched...
CVE-2024-1924
A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /getmembershipamount.php. The manipulation of the argument membershipTypeId leads to SQL injection. It is possible to initiate the attack remotely...
CVE-2024-1830
A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file Source/librarian/user/student/lost-password.php. The manipulation of the argument email leads to SQL injection. The attack may be launched...
CVE-2023-47795
Summary: CVE-2023-47795 is a stored XSS vulnerability in the Document and Media widget of Liferay Portal 7.4.x (7.4.3.18–7.4.3.101) and Liferay DXP 2023.Q3 before patch 6, and in 7.4 update 18–92. The issue allows remote authenticated users to inject arbitrary script/HTML via crafting payloads in...
CVE-2024-26266
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary...
Cross site scripting
Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web...
Liferay Portal and Liferay DXP Security Vulnerabilities
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
CVE-2024-25895
A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php...
Design/Logic Flaw
In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated use...
SAP Companion Cross-Site Scripting Vulnerability
SAP Companion is a collaboration server for SAP from SAP Germany. SAP Companion suffers from a cross-site scripting vulnerability that can be exploited by remote attackers to inject malicious script or HTML code that can be used to obtain sensitive information or hijack user sessions when malicio...
HCL BigFix Server 9.5.x < 9.5.24 / 10.0.x < 10.0.10 / 11.0.x < 11.0.1 Multiple Vulnerabilities (KB0110209)
The version of HCL BigFix Server installed on the remote host is 9.5.x prior to 9.5.24, 10.0.x prior to 10.0.10 or 11.x prior to 11.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the KB0110209 advisory. - Heap-based buffer overflow vulnerability in the SOCKS5 proxy...
Cross site scripting
Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote...