175 matches found
PT-2023-31990 · Unknown · Sourcecodester Best Courier Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Best Courier Management System version 1.0 Description: A critical issue has been found in the SourceCodester Best Courier Management System. It affects an unknown function of the file parcel list.php, specifically the componen...
WordPress Plugin The Easy Digital Downloads SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
thinkphp SQL Injection via the index.php s parameter
thinkphp 3.1.3 has SQL Injection via the index.php s parameter...
GHSA-XVHR-7Q4Q-QJGP thinkphp SQL Injection via the index.php s parameter
thinkphp 3.1.3 has SQL Injection via the index.php s parameter...
CVE-2022-28077
Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting XSS vulnerability in the Admin panel via the $GET's' parameter...
WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Persian Woocommerce suffers from a cross-site scripting vulnerability that stems from not escaping the s...
WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Multisite Content Copier/Updater plugin...
CVE-2022-0193
The Complianz WordPress plugin before 6.0.0 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...
Cross site scripting
The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...
CVE-2021-39420
Multiple Cross Site Scripting XSS vulnerabilities exist in VFront 0.99.5 via the 1 s parameter in searchall.php and the 2 msg parameter in add.attach.php...
VFront 跨站脚本漏洞
vfront is a free open source front-end for MySQL or PostgreSQL databases written in PHP and Javascript. vfront version 0.99.5 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via the s parameter in...
CVE-2021-24676
The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue...
Sql injection
Online Pet Shop We App 1.0 is vulnerable to Union SQL Injection in products.php aka p=products via the c or s parameter...
CVE-2021-24316
The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise it's 's' GET parameter before output it back the page, leading to the Cross-SIte Scripting issue...
CVE-2021-24213
The GiveWP – Donation Plugin and Fundraising Platform WordPress plugin before 2.10.0 was affected by a reflected Cross-Site Scripting vulnerability inside of the administration panel, via the 's' GET parameter on the Donors page...
Wordpress Theme Dosimple v2.0 - XSS Web Vulnerability
Document Title: =============== Wordpress Theme Dosimple v2.0 - XSS Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2251 Release Date: ============= 2020-05-06 Vulnerability Laboratory ID VL-ID: ==================================== 225...
wpForo < 1.7.0 - Reflected Cross-Site Scripting (XSS) via s Parameter
The plugin did not escape, validate or escape the 's' GET parameter before outputting back in the page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in admin PoC https://example.com/wp-admin/admin.php?page=wpforo-phrases="...
CVE-2020-12054
The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter a search query. Also affected are 16 themes if the plugin is enabled by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise...
Cross site scripting
The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter a search query. Also affected are 16 themes if the plugin is enabled by the same author: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise...
CVE-2015-9504
The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter...