SourceCodester Pizzafy Ecommerce System Cross-Site Scripting Vulnerability
SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System contains a cross-site scripting vulnerability. This vulnerability arises from the parameter Name in the savesettings function located...
EUVD-2009-2606
Malware in sbrugna...
CVE-2025-11346 ILIAS Base64 Decoding unserialize deserialization
A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument fsettings leads to deserialization. It is possible to launch the attack remotely. Upgrading to version 8.24, 9.14 and 10....
EUVD-2023-34672
Malicious code in bioql PyPI...
WordPress Gravity Forms Plugin 2.9.0.1 < 2.9.2 XSS Vulnerability
The WordPress plugin (excerpt from the Greenbone vulnerability test; SPDX-FileCopyrightText: 2025 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only; "Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders.") CPE = "cpe:/a:mediaburst:gravityforms"; if description...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of validation on the SETTINGS_MAX_HEADER_LIST_SIZE parameter. An attacker can cause the server to allocate excessive memory resources, leading to an OutOfMemoryError or...
CVE-2025-1948 Eclipse Jetty HTTP clients can increase memory allocation
In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does not perform validation on this setting, and tries to allocate a ByteBuffer of the specified capacity to...
CVE-2024-57601
Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legalsettings parameter...
Cross-site Scripting (XSS)
Overview: alextselegidis/easyappointments is a powerful Open Source Appointment Scheduler that can be installed on your server. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the legalsettings parameter. Details: Cross-site scripting, or XSS, is a code...
Easy!Appointments Security Vulnerability
Easy!Appointments is a web-based appointment and schedule management system by Alex Tselegidis, an individual developer. A security vulnerability exists in Easy!Appointments v1.5.0, which stems from the unfiltered legalsettings parameter, making it susceptible to cross-site scripting attacks...
PT-2024-30041 · Yotuwp · The Video Gallery – Youtube Playlist
Name of the Vulnerable Software and Affected Versions: The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress versions up to, and including, 1.3.13 Description: The issue allows unauthenticated attackers to include and execute arbitrary files on the server via the...
EasyPHP Webserver OS Command Injection Vulnerability
EasyPHP Webserver is an open source platform from EasyPHP that allows you to build a development environment. EasyPHP Webserver version 14.1 suffers from an operating system command injection vulnerability. An attacker...
CVE-2023-39599
CVE-2023-39599 affects CSZ CMS v1.3.0. The data shows a Cross-Site Scripting (XSS) vulnerability in the Social Settings parameter that can be exploited by a crafted payload to execute arbitrary code. Reported metrics indicate low confidentiality and integrity impact with no availability impact, a...
CVE-2023-30247
File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the updatesettings parameter...
SUSE CVE-2016-5165
Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a...
SUSE CVE-2018-5072
Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter...
PT-2022-3505 · Elementor · Elementor Website Builder
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder plugin versions prior to 3.5.6 Description: The issue is related to insufficient protection of the webpage structure, allowing a remote attacker to perform cross-site scripting. This is a DOM-based Reflected Cross-Si...
CVE-2022-0683
The Essential Addons for Elementor Lite WordPress plugin is vulnerable to Cross-Site Scripting due to insufficient escaping and sanitization of the settings parameter found in the /includes/Traits/Helper.php file, which allows attackers to inject arbitrary web scripts onto pages that execute...
Seo Panel Cross-Site Scripting Vulnerability (CNVD-2021-22150)
SEO Panel is a free, open source SEO optimization software. A cross-site scripting vulnerability exists in Seo Panel 4.8.0. A remote attacker can exploit this vulnerability to inject JavaScript via the settings.php category parameter...
SEO Panel Cross-Site Scripting Vulnerability
SEO Panel is a free, open source SEO optimization software. A cross-site scripting vulnerability exists in Seo Panel 4.8.0. A remote attacker can exploit this vulnerability to inject JavaScript via the settings.php category parameter...