20 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-2378

Malware in sbrugna...

CVSS 9.8 · AI score 9.3 · EPSS 0.00527
Exploits: 1 · References: 5

RedhatCVE
added 2025/05/23 7:56 a.m. · 2 views

CVE-2024-12262

The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'step' parameter in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

CVSS 6.1 · AI score 5.6 · EPSS 0.01684
Exploits: 0 · References: 1

OSV
added 2024/12/21 7:15 a.m. · 3 views

CVE-2024-12262

The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'step' parameter in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scrip...

CVSS 6.1 · AI score 5.9 · EPSS 0.01684
Exploits: 0 · References: 2

Positive Technologies
added 2024/12/21 12:0 a.m. · 1 view

PT-2024-17516 · WordPress · Ebook Store

Name of the Vulnerable Software and Affected Versions: Ebook Store plugin for WordPress versions up to, and including, 5.8001 Description: The issue is related to Reflected Cross-Site Scripting via the step parameter due to insufficient input sanitization and output escaping. This allows...

CVSS 6.1 · AI score 8.7 · EPSS 0.01684
Exploits: 0 · References: 6

OSV
added 2024/09/12 7:15 p.m. · 1 view

CVE-2024-25270

An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data...

CVSS 4.3 · AI score 5.8 · EPSS 0.0021
Exploits: 0 · References: 1

Positive Technologies
added 2024/09/12 12:0 a.m. · 1 view

PT-2024-20853 · Unknown · Mirapolis Lms

Name of the Vulnerable Software and Affected Versions: Mirapolis LMS version 4.6.XX Description: An issue in Mirapolis LMS allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the...

CVSS 4.3 · AI score 6.6 · EPSS 0.0021
Exploits: 0 · References: 7

SUSE CVE
added 2023/02/15 5:35 a.m. · 2 views

SUSE CVE-2013-5588

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php...

CVSS 4.3 · AI score 8.1 · EPSS 0.00329
Exploits: 1 · References: 5

OSV
added 2022/07/06 2:15 p.m. · 1 view

CVE-2022-23173

This vulnerability affects even users who are not allowed to access via the web interface. First of all, the attacker needs to access the "Login menu - demo site"; then he can see in this menu all the functionality of the application. If the attacker tries to click on one of the links, he will get a...

CVSS 6.3 · AI score 6.6
Exploits: 0 · References: 1

ATTACKERKB
added 2022/06/27 8:35 a.m. · 3 views

CVE-2022-23173

This vulnerability affects even users who are not allowed to access via the web interface. First of all, the attacker needs to access the "Login menu - demo site"; then he can see in this menu all the functionality of the application. If the attacker tries to click on one of the links, he will get a...

CVSS 6.5 · AI score 6.6 · EPSS 0.00183
Exploits: 0 · References: 2 · Affected Software: 1

Github Security Blog
added 2021/11/19 8:42 p.m. · 19 views

SQL Injection in thinkjs

SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter...

CVSS 9.8 · AI score 10.2 · EPSS 0.00527
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2021/11/19 8:42 p.m. · 1 view

GHSA-Q5MQ-6FJG-4MW8 SQL Injection in thinkjs

SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter...

CVSS 9.8 · AI score 7.5 · EPSS 0.00527
Exploits: 1 · References: 3

Prion
added 2021/02/01 6:15 p.m. · 7 views

Sql injection

SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter...

CVSS 7.5 · AI score 9.9 · EPSS 0.00527
Exploits: 1 · References: 2 · Affected Software: 1

CNNVD
added 2021/02/01 12:0 a.m. · 1 view

ThinkJS SQL injection vulnerability

ThinkJS is a Node.js framework for future-proof development that integrates a wide range of project best practices to make enterprise-level development easier and more efficient. A SQL injection vulnerability exists in the model.increment and model.decrease functions in ThinkJS 3.2.10. A remote...

CVSS 9.8 · AI score 6.1 · EPSS 0.00527
Exploits: 1 · References: 3

Prion
added 2017/03/05 8:59 p.m. · 10 views

Cross site scripting

paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php step parameter...

CVSS 4.3 · AI score 5.9 · EPSS 0.03588
Exploits: 6 · References: 3 · Affected Software: 1

Positive Technologies
added 2017/03/05 12:0 a.m. · 1 view

PT-2017-17095

Name of the Vulnerable Software and Affected Versions: MaNGOSWebV4 versions prior to 4.0.8 Description: The issue is related to a reflected XSS in the install/index.php file, specifically affecting the step parameter. Recommendations: For versions prior to 4.0.8, update to version 4.0.8 or later to...

CVSS 6.1 · AI score 6.1 · EPSS 0.03588
Exploits: 6 · References: 7

NVD
added 2014/08/19 7:55 p.m. · 13 views

CVE-2014-5345

Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter...

CVSS 4.3 · AI score 5.8 · EPSS 0.0229
Exploits: 1 · References: 5

Prion
added 2014/08/19 7:55 p.m. · 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter...

CVSS 4.3 · AI score 6.2 · EPSS 0.0229
Exploits: 1 · References: 5 · Affected Software: 1

NVD
added 2007/03/02 9:18 p.m. · 13 views

CVE-2007-1148

PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter...

CVSS 7.5 · AI score 7.5 · EPSS 0.02596
Exploits: 1 · References: 5

ATTACKERKB
added 2007/03/02 9:18 p.m. · 2 views

CVE-2007-1148

PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter...

CVSS 7.5 · AI score 6.2 · EPSS 0.02596
Exploits: 1 · References: 6

Positive Technologies
added 2006/08/21 12:0 a.m. · 1 view

PT-2006-5081 · Vbulletin · Vbulletin

Name of the Vulnerable Software and Affected Versions: vBulletin version 3.5.4 Description: A remote file inclusion issue in the install/upgrade 301.php file allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. However, the vendor has disputed this issue, stating...

CVSS 7.5 · AI score 8.1 · EPSS 0.02543
Exploits: 1 · References: 8