8 matches found
CVE-2026-34598 YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"
YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected...
CVE-2025-50367
A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript...
CVE-2025-50367
A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript...
CVE-2025-50367
A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript...
CVE-2025-50367
CVE-2025-50367 corresponds to a stored blind XSS vulnerability in the Contact Page of Phpgurukul Medical Card Generation System 1.0 (mcgs/contact.php). The root cause is improper sanitization/cleanup of the name field, enabling JavaScript injection. Public sources (NVD, Red Hat, CNVD, CNVD, PT-Se...
CVE-2025-50367
A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input, allowing an attacker to inject malicious JavaScript...
PT-2025-27236 · Unknown · Phpgurukul Medical Card Generation System
Name of the Vulnerable Software and Affected Versions: Phpgurukul Medical Card Generation System version 1.0 Description: A stored blind XSS issue exists in the Contact Page, specifically affecting the "name" field in the mcgs/contact.php file. This field fails to properly sanitize user input,...
GHSA-X525-54HF-XR53 Blind XSS Leading to Froxlor Application Compromise
Description: A Stored Blind Cross-Site Scripting XSS vulnerability has been identified in the Failed Login Attempts Logging Feature of the Froxlor Application. Stored Blind XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious...