54 matches found
CVE-2024-47097
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...
CVE-2024-47097
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...
CVE-2024-47097 Reflected Cross-Site Scripting in Follet School Solutions Destiny
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...
EUVD-2024-55603
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...
CVE-2024-47097 Reflected Cross-Site Scripting in Follet School Solutions Destiny
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...
CVE-2024-47097
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...
PT-2026-44213
Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...
EUVD-2019-20091
C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the usersselect.php endpoint with crafted S...
CVE-2019-25678
C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the usersselect.php endpoint with crafted S...
CVE-2019-25678
CVE-2019-25678 affects C4G Basic Laboratory Information System 3.4 via SQL injection in the site parameter, exploitable through GET requests to users_select.php. The underlying issue allows unauthenticated attackers to execute arbitrary SQL commands and exfiltrate sensitive data such as patient r...
PT-2026-30486
C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the users select.php endpoint with crafted...
CVE-2025-41027
Reflected Cross Site Scripting XSS vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter in 'apprecuperarclave.php'...
CVE-2025-41026
Reflected Cross Site Scripting XSS vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter in 'applogin.php'...
EUVD-2025-209047
Reflected Cross Site Scripting XSS vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter in 'applogin.php'...
EUVD-2025-209049
Reflected Cross Site Scripting XSS vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter in 'apprecuperarclave.php'...
CVE-2025-41027
Reflected Cross Site Scripting XSS vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter in 'apprecuperarclave.php'...
CVE-2025-41026
Reflected Cross Site Scripting XSS vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter in 'applogin.php'...
CVE-2025-41027 Multiple vulnerabilities in GDTaller
Reflected Cross Site Scripting XSS vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter in 'apprecuperarclave.php'...
CVE-2025-41027
GDTaller is affected by CVE-2025-41027 for a Reflected XSS vulnerability. The issue allows an attacker to execute JavaScript in the victim’s browser by delivering a malicious URL via the site parameter of the app_recuperarclave.php endpoint. The linked sources report this as a reflected XSS vulne...
CVE-2025-41026
CVE-2025-41026: Reflected XSS in GDTaller. Vulnerability arises from handling the site parameter in app_login.php, allowing an attacker to cause JavaScript execution in the victim’s browser via a malicious URL. Documents indicate this is a reflected XSS with CVSS v4.0 base score 5.1 (Medium); no ...