318 matches found
CVE-2026-5826
A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can lead to cross site scripting. The attack can be launched remotely. The exploit has been published...
PT-2026-31475
A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae634059330c. This impacts an unknown function of the file apps/dashboard/src/app/dashboard/onboarding/client.tsx of the component Onboarding Endpoint. The manipulation of the argument callbackURL results in...
CVE-2026-5568 Akaunting Invoice/Billing cross site scripting
A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the...
CVE-2026-5325
A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...
PT-2026-30043
Name of the Vulnerable Software and Affected Versions Casdoor version 2.356.0 Description A security flaw exists in the dangerouslySetInnerHTML function of Casdoor 2.356.0. Manipulation of the formCss/formCssMobile/formSideHtml argument can lead to cross-site scripting XSS. This attack can be...
CVE-2026-4973
A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quizquestion results in cross site scripting. It is possible to initiate the...
CVE-2026-4596 projectworlds Lawyer Management System lawyers.php cross site scripting
A vulnerability was identified in projectworlds Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyers.php. The manipulation of the argument firstName leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and...
EUVD-2026-12243
A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...
CVE-2026-4186 UEditor JSONP Callback controller.php cross site scripting
A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...
CVE-2026-3054 Alinto SOGo cross site scripting
A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this...
CVE-2026-2939
A vulnerability was found in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /addstudent/ of the component Add Student Module. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been...
CVE-2026-2933
A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/DadManage.php of the component Extended Management Module. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. T...
PT-2026-21420
A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D adPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is...
CVE-2026-2222
A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btnfunctions.php. Executing a manipulation of the argument firstname can lead to cross site scripting. The attack m...
CVE-2026-2200
A weakness has been identified in heyewei JFinalCMS 5.0.0. This affects an unknown function of the file /admin/admin/save of the component API Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been made available to the publi...
CVE-2026-2159
A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. I...
CVE-2026-1444
A vulnerability has been found in iJason-Liu BooksManager up to 298ba736387ca37810466349af13a0fdf828e99c. This affects an unknown part of the file controllers/bookscenter/addbookcheck.php. Such manipulation of the argument mark leads to cross site scripting. The attack can be launched remotely. T...
CVE-2026-1146 SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System api_register_patient.php cross site scripting
A vulnerability has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /php/apiregisterpatient.php. Such manipulation of the argument firstName/lastName leads to cross site scripting. The...
CVE-2026-1135
A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...
CVE-2026-0730 PHPGurukul Staff Leave Management System SVG File adminviews.py UPDATE_STAFF cross site scripting
A flaw has been found in PHPGurukul Staff Leave Management System 1.0. The affected element is the function ADDSTAFF/UPDATESTAFF of the file /staffleave/slms/slms/adminviews.py of the component SVG File Handler. Executing a manipulation of the argument profilepic can lead to cross site scripting...