3939 matches found

ATTACKERKB
added 4 days ago | 8 views

CVE-2026-12806

A vulnerability has been found in Edimax BR-6478AC V2 1.23. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. The manipulation of the argument selSSID leads to buffer overflow. It is possible to initiate the attack...

CVSS 9 | AI score 7.6 | EPSS 0.00455
Exploits 0 | References 5 | Affected Software 1

NVD
added 6 days ago | 11 views

CVE-2017-20256

Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the invite parameter. Attackers can send GET requests to the component with crafted SQL payloads in the invite...

CVSS 8.8 | EPSS 0.00334
Exploits 0 | References 4

Cvelist
added 6 days ago | 28 views

CVE-2017-20256 Joomla Survey Force Deluxe 3.2.4 SQL Injection via invite Parameter

Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the invite parameter. Attackers can send GET requests to the component with crafted SQL payloads in the invite...

CVSS 8.8 | EPSS 0.00334
Exploits 0 | References 4

EUVD
added 6 days ago | 5 views

EUVD-2017-18983

Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the invite parameter. Attackers can send GET requests to the component with crafted SQL payloads in the invite...

CVSS 8.8 | AI score 6.2 | EPSS 0.00334
Exploits 0 | References 4

CVE
added 6 days ago | 11 views

CVE-2017-20256

Joomla Survey Force Deluxe 3.2.4 is affected by an SQL injection via the invite parameter, allowing unauthenticated attackers to run arbitrary SQL through crafted GET requests and potentially read sensitive database information. Impact is high (unauthenticated, network access, data confidentialit...

CVSS 8.8 | AI score 6.2 | EPSS 0.00334
Exploits 0 | References 4

EUVD
added 2026/06/15 9:30 p.m. | 6 views

EUVD-2026-36990

Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.0.0 versions...

CVSS 7.1 | AI score 5.1 | EPSS 0.00175
Exploits 0 | References 2

NVD
added 2026/06/15 9:17 p.m. | 6 views

CVE-2026-48867

Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.1.2 versions...

CVSS 7.1 | EPSS 0.00175
Exploits 1 | References 1

NVD
added 2026/06/15 9:16 p.m. | 5 views

CVE-2026-40787

Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master <= 11.0.0 versions...

CVSS 7.1 | EPSS 0.00175
Exploits 0 | References 1

EUVD
added 2026/06/15 8:18 p.m. | 6 views

EUVD-2026-36846

Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master = 11.1.2 versions...

CVSS 7.1 | AI score 5.1 | EPSS 0.00175
Exploits 1 | References 1

Cvelist
added 2026/06/15 8:18 p.m. | 23 views

CVE-2026-40787 WordPress Quiz And Survey Master plugin <= 11.0.0 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master <= 11.0.0 versions...

CVSS 7.1 | EPSS 0.00175
Exploits 0 | References 1

Vulnrichment
added 2026/06/15 8:18 p.m. | 5 views

CVE-2026-40787 WordPress Quiz And Survey Master plugin <= 11.0.0 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Quiz And Survey Master <= 11.0.0 versions...

CVSS 7.1 | AI score 5.1 | EPSS 0.00175
Exploits 0 | References 1

CVE
added 2026/06/15 8:18 p.m. | 9 views

CVE-2026-40787

The vulnerability concerns the WordPress Quiz And Survey Master plugin (versions ≤ 11.0.0). It is an unauthenticated Cross Site Scripting (XSS) flaw identified in these releases. The connected sources confirm the affected product and the XSS impact but do not specify the exact root cause, vulnera...

CVSS 7.1 | AI score 5.1 | EPSS 0.00175
Exploits 0 | References 1

Positive Technologies
added 2026/06/15 12:0 a.m. | 9 views

PT-2026-49425

Name of the Vulnerable Software and Affected Versions: Quiz And Survey Master versions prior to 11.0.1. Description: Unauthenticated Cross Site Scripting XSS allows an attacker to execute malicious scripts in the victim's browser without requiring authentication. Recommendations: Update to a version...

CVSS 7.1 | AI score 5.3 | EPSS 0.00175
Exploits 0 | References 3

Positive Technologies
added 2026/06/15 12:0 a.m. | 7 views

PT-2026-49476

Name of the Vulnerable Software and Affected Versions: Quiz And Survey Master versions prior to 11.1.3. Description: Unauthenticated Cross Site Scripting XSS exists in the software, allowing an attacker to execute malicious scripts in the victim's browser without requiring authentication...

CVSS 7.1 | AI score 5.9 | EPSS 0.00175
Exploits 1 | References 3

RedhatCVE
added 2026/06/10 9:2 p.m. | 7 views

CVE-2026-50635

LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the default and documented configuration, so LSHttpRequest::checkIsAllowedHost results in no operation....

CVSS 8.8 | AI score 5.5 | EPSS 0.00372
Exploits 0 | References 1

NVD
added 2026/06/09 6:17 p.m. | 11 views

CVE-2026-50635

LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the default and documented configuration, so LSHttpRequest::checkIsAllowedHost results in no operation....

CVSS 8.8 | EPSS 0.00372
Exploits 0 | References 3

RedhatCVE
added 2026/06/07 12:43 a.m. | 10 views

CVE-2026-6448

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

CVSS 4.9 | AI score 5.7 | EPSS 0.00352
Exploits 0 | References 1

CNNVD
added 2026/06/06 12:0 a.m. | 6 views

WordPress plugin Quiz and Survey Master SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.9 | AI score 5.8 | EPSS 0.00352
Exploits 0 | References 13

ATTACKERKB
added 2026/06/05 11:28 p.m. | 11 views

CVE-2026-6448

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

CVSS 4.9 | AI score 5.7 | EPSS 0.00352
Exploits 0 | References 13

Cvelist
added 2026/06/05 11:28 p.m. | 38 views

CVE-2026-6448 Quiz and Survey Master (QSM) <= 11.1.2 - Authenticated (Admin+) SQL Injection via 'order' and 'limit' Parameters

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

CVSS 4.9 | EPSS 0.00352
Exploits 0 | References 12