Lucene search

170 matches found

PyPA
added 2025/05/26 8:15 a.m. · 7 views

PYSEC-2025-46

A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as critical. This affects the function Save of the file pypickle/pypickle.py. The manipulation leads to improper authorization. Attacking locally is a requirement. The exploit has been disclosed to the public and m...

5.5 CVSS · 6.6 AI score · 0.00197 EPSS
Exploits 1 · References 18 · Affected Software 1

RedhatCVE
added 2025/05/23 3:0 a.m. · 1 views

CVE-2023-1559

A vulnerability classified as problematic was found in SourceCodester Storage Unit Rental Management System 1.0. This vulnerability affects unknown code of the file classes/Users.php?f=save. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been...

7.2 CVSS · 7.3 AI score · 0.00911 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 2:16 a.m. · 8 views

CVE-2023-42230

Pat Infinite Solutions HelpdeskAdvanced = 11.0.33 is vulnerable to Cross Site Scripting XSS via the WSCView/Save function...

6.1 CVSS · 6.1 AI score · 0.00275 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 8:49 p.m. · 3 views

CVE-2021-4412

The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save and export functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a...

4.3 CVSS · 5.8 AI score · 0.00342 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 3:49 p.m. · 6 views

CVE-2020-19156

Cross Site Scripting XSS in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save' function is called...

5.4 CVSS · 6.9 AI score · 0.00825 EPSS
Exploits 1

CVE
added 2025/04/27 12:31 p.m. · 66 views

CVE-2025-3970

The CVE concerns baseweb JSite (versions up to 1.0). A cross-site scripting vulnerability is triggered by manipulating the Remarks argument in the /sys/office/save function. It is exploitable remotely, and multiple sources note that the exploit has been disclosed publicly. Practical impact is lim...

5.4 CVSS · 3.8 AI score · 0.00282 EPSS
Exploits 1 · References 4 · Affected Software 1

BDU FSTEC
added 2025/04/23 12:0 a.m. · 4 views

The vulnerability of the save() function in the HAX CMS PHP content management system allows a hacker to download files with the required extension and execute arbitrary code.

The vulnerability of the save function in the HAX CMS PHP content management system is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability allows an attacker to remotely download files with the required extensions and execute arbitrary co...

9.9 CVSS · 5.8 AI score · 0.01581 EPSS
Exploits 1 · References 2 · Affected Software 1

OSV
added 2025/04/08 4:6 p.m. · 5 views

CVE-2025-32028 HAX CMS PHP allows Insecure File Upload to Lead to Remote Code Execution

HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ function in ’HAXCMSFile.php’. This save function uses a denylist to block specific file types from being uploaded to the server. This list is...

9.9 CVSS · 6.9 AI score · 0.01581 EPSS
Exploits 1 · References 3

Snyk
added 2025/03/31 3:30 a.m. · 2 views

Cross-site Scripting (XSS)

Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the Save function. An attacker with page editing privileges can inject malicious HTML content by manipulating the content argument. Details Cross-site...

4.8 CVSS · 5.3 AI score
Exploits 0 · References 2

Vulnrichment
added 2025/03/31 12:0 a.m. · 4 views

CVE-2025-2967

...

6.6 AI score
Exploits 0

Cvelist
added 2025/03/30 11:0 p.m. · 14 views

CVE-2025-2965

...

Exploits 0

OSV
added 2025/03/08 12:15 p.m. · 2 views

CVE-2024-11640

The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change...

8.8 CVSS · 6.3 AI score
Exploits 0 · References 2

CVE
added 2025/02/26 12:0 a.m. · 63 views

CVE-2025-25818

CVE-2025-25818 describes an XSS vulnerability in Emlog Pro v2.5.4. The flaw is in the article_save.php postStrVar function, allowing an attacker to inject crafted payloads that trigger arbitrary web-script or HTML execution. The vulnerability is categorized with CVSSv3.1 metrics: AV:L/AC:L/PR:N/U...

5.1 CVSS · 5.6 AI score · 0.00187 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2025/02/07 11:15 p.m. · 6 views

CVE-2025-1114

A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack...

5.4 CVSS · 3.8 AI score · 0.00311 EPSS
Exploits 1 · References 5

CNNVD
added 2025/02/07 12:0 a.m. · 3 views

newbee-mall code injection vulnerability

newbee-mall is a newbee open source e-commerce system. A code injection vulnerability exists in newbee-mall version 1.0. It stems from the save function of the file /admin/categories/save in the Add Category Page component, where the parameter categoryName will lead to cross-site scripting attacks...

5.4 CVSS · 4.8 AI score · 0.00311 EPSS
Exploits 1 · References 6

Positive Technologies
added 2025/02/07 12:0 a.m. · 4 views

PT-2025-6011 · Unknown · Newbee-Mall

Name of the Vulnerable Software and Affected Versions: newbee-mall version 1.0 Description: A problematic issue has been found in newbee-mall. The save function of the /admin/categories/save API endpoint in the Add Category Page component is affected. The manipulation of the categoryName argument...

5.4 CVSS · 3.4 AI score · 0.00311 EPSS
Exploits 1 · References 11

Positive Technologies
added 2025/01/26 12:0 a.m. · 2 views

PT-2025-1676 · WordPress · Vikbooking Hotel Booking Engine & Pms

Name of the Vulnerable Software and Affected Versions: VikBooking Hotel Booking Engine & PMS plugin for WordPress versions up to, and including, 1.7.2 Description: The issue is due to missing or incorrect nonce validation on the save function, making it possible for unauthenticated attackers to...

8.8 CVSS · 8.2 AI score · 0.00311 EPSS
Exploits 0 · References 9

Positive Technologies
added 2025/01/13 12:0 a.m. · 2 views

PT-2025-1456 · Pat Infinite Solutions · Helpdeskadvanced

Name of the Vulnerable Software and Affected Versions: Pat Infinite Solutions HelpdeskAdvanced versions = 11.0.33 Description: The issue is related to Cross Site Scripting XSS via the WSCView/Save function. This allows for potential malicious script execution. No information is provided about the...

6.1 CVSS · 6.1 AI score · 0.00275 EPSS
Exploits 0 · References 4

Positive Technologies
added 2025/01/13 12:0 a.m. · 2 views

PT-2025-1453 · Pat Infinite Solutions · Helpdeskadvanced

Name of the Vulnerable Software and Affected Versions: Pat Infinite Solutions HelpdeskAdvanced versions = 11.0.33 Description: The issue is related to Directory Traversal via the WSCView/Save function. This allows for potential unauthorized access to sensitive files and directories...

7.5 CVSS · 6.5 AI score · 0.00728 EPSS
Exploits 0 · References 3

Cvelist
added 2025/01/13 12:0 a.m. · 22 views

CVE-2023-42230

Pat Infinite Solutions HelpdeskAdvanced = 11.0.33 is vulnerable to Cross Site Scripting XSS via the WSCView/Save function...

0.00275 EPSS
Exploits 0 · References 1