Tongda OA 2017 SQL Injection Vulnerability
Tongda2000 is a web-based intelligent office system from China's Tongda. A security vulnerability exists in Tongda OA 2017, originating in an unknown part of the file general/hr/training/record/delete.php, which leads to SQL injection via the parameter RECORDI...
CVE-2023-5261
A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/stafftitleevaluation/delete.php. The manipulation of the argument EVALUATIONID leads to SQL injection. The exploit has been disclosed to the public and may...
CVE-2023-5030
A vulnerability has been found in Tongda OA up to 11.10 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/plan/delete.php. The manipulation of the argument PLANID leads to SQL injection. The exploit has been disclosed to the public and may be used...
Earcms Code Issue Vulnerability
Earcms is an open source content management system from Earcms. A code issue vulnerability exists in Earcms App version v.20181124, which stems from allowing remote attackers to execute arbitrary code via uload/index-uplog.php...
Availability Booking Calendar PHP Cross Site Scripting Vulnerability
Availability Booking Calendar PHP is a GZ Scripts open source availability booking calendar system. A cross-site scripting vulnerability exists in Availability Booking Calendar PHP version 5.0, which stems from the parameter sessionid in the file /index.php that causes cross-site scripting...
Lawyer Cross-Site Scripting Vulnerability
Lawyer is a legal and lawyer website by the phpscriptpoint team. A cross-site scripting vulnerability exists in phpscriptpoint Lawyer version 1.6, which stems from the presence of some unknown functions in search.php that lead to cross-site scripting...
CVE-2023-36146
A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733...
Pluck Cross-Site Scripting Vulnerability
Pluck is a content management system (CMS) developed using the PHP language. A security vulnerability exists in Pluck CMS versions 4.7.15 through 4.7.16-dev4, which originates from a cross-site scripting (XSS) vulnerability in file /admin.php. An attacker can exploit the vulnerability by uploading a...
CVE-2023-25730
A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
CVE-2023-25781
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin = 1.1 versions...
CVE-2023-21515
CVE-2023-21515 concerns Samsung Galaxy Store InstantPlay prior to version 4.5.49.8, where a vulnerable script could execute JavaScript to install APKs from Galaxy Store. The issue arises from InstantPlay containing a script that enables the JavaScript API to initiate APK installation. Impact desc...
Online Jewelry Store Cross-Site Scripting Vulnerability
Online Jewelry Store is an online jewelry store for janobe individual developers. A cross-site scripting vulnerability exists in SourceCodester Online Jewelry Store version 1.0, which stems from a problem in the customer.php file and can be exploited by an attacker to conduct a cross-site scripti...
CVE-2023-23785
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCult Exquisite PayPal Donation plugin = v2.0.0 versions...
Nokia OneNDS 20.9 Insecure Permissions / Privilege Escalation
title: Incorrect Permission Assignment; product: Nokia OneNDS 20.9; vulnerability type: Security Misconfiguration; severity: High; CVSS Score: 7.8; CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; found on:...
Online Computer and Laptop Store Cross-Site Scripting Vulnerability (CNVD-2023-29382)
Online Computer and Laptop Store is an online computer and laptop store by Carlo Montero, a personal developer. A cross-site scripting vulnerability exists in Online Computer and Laptop Store v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the Brand...
Online Pizza Ordering System Cross-Site Scripting Vulnerability
Online Pizza Ordering System is an online pizza ordering system by Carlo Montero, a personal developer. A security vulnerability exists in Online Pizza Ordering System version 1.0, which originates from a cross-site scripting (XSS) vulnerability in /php-opos/signup.php, which can be exploited by an...
K47662005: BIG-IP Net HSM script vulnerability CVE-2022-28859
When installing Net HSM, the scripts nethsm-safenet-install.sh and nethsm-thales-install.sh expose the Net HSM partition password (CVE-2022-28859). Impact: This vulnerability may allow an authenticated attacker with network access to the Net HSM to use or delete private keys by accessing a...
PT-2023-14530 · WordPress · Simple Membership
Name of the Vulnerable Software and Affected Versions: Simple Membership WordPress plugin versions prior to 4.2.2. Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admin...
PT-2023-10147 · Unknown · Pointhi Searx Stats
Name of the Vulnerable Software and Affected Versions: pointhi searx stats (affected versions not specified). Description: A critical issue has been found in pointhi searx stats, affecting some unknown processing of the file cgi/cron.php, leading to SQL injection. Recommendations: Apply a patch to f...
PT-2023-12766 · Nokia · Asik Airscale
Name of the Vulnerable Software and Affected Versions: Nokia ASIK AirScale system module versions 474021A.101 through 474021A.102. Description: A vulnerability exists in Nokia’s ASIK AirScale system module that could allow an attacker to place a script on the file system accessible from Linux. A...