1041 matches found
PT-2026-6860
Summary A Path Traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to delete arbitrary files on the server by manipulating the old title parameter in the wiki editing form. Vulnerability...
PT-2026-6758
Name of the Vulnerable Software and Affected Versions Gogs versions prior to 0.13.4 Gogs versions 0.13.0 through 0.13.3 Description Gogs is a self-hosted Git service. A path traversal issue exists in the updateWikiPage function. An authenticated user with write access to a repository's wiki can...
CVE-2020-37110
60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows manipulation of database queries via unvalidated input (e.g., the 'title' parameter). Impact includes potential data extraction or modification (confidentiality and integrity). Root cause: unvalida...
CVE-2020-37110 60CycleCMS 2.5.2 - 'news.php' SQL Injection Vulnerability
60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modif...
PT-2026-5855
60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters like 'title' to inject malicious SQL code and potentially extract or modif...
CVE-2025-70336
PodcastGenerator 3.2.9 contains a stored XSS vulnerability in the Create New Live Item workflow. Attackers can inject script/HTML via TITLE, SHORT DESCRIPTION, or LONG DESCRIPTION; the payload is executed on the View All Live Items and Live Stream pages. The issue is confirmed across multiple fee...
PT-2026-5119
LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparent id parameters to execute arbitrary JavaScript in administrative contexts...
CVE-2025-70336
A Stored cross-site scripting XSS vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION' and 'LONG DESCRIPTION' parameters. The saved payload gets executed on 'View All Live Items' and 'Live...
CVE-2026-1135
A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...
MedDream PACS Premium modifyCoercion reflected cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2262 MedDream PACS Premium modifyCoercion reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-54861 SUMMARY A reflected cross-site scripting xss vulnerability exists in the modifyCoercion functionality of MedDream PACS Premiu...
CVE-2026-1118
A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/addactivity.php. Performing a manipulation of the argument Title results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and m...
CVE-2026-1135
A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...
CVE-2026-1135 itsourcecode Society Management System activity.php cross site scripting
A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...
CVE-2026-1135
A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...
CVE-2026-1135
CVE-2026-1135 affects itsourcecode Society Management System 1.0. The vulnerability is a cross-site scripting flaw in the /admin/activity.php function where modifying the Title parameter enables script injection. Exploitation is possible remotely and public exploits exist. Multiple connected sour...
CVE-2026-1135 itsourcecode Society Management System activity.php cross site scripting
A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...
PT-2026-3422
A security flaw has been discovered in itsourcecode Society Management System 1.0. This impacts an unknown function of the file /admin/activity.php. The manipulation of the argument Title results in cross site scripting. The attack may be launched remotely. The exploit has been released to the...
Intern Membership Management System /add_activity.php File SQL Injection Vulnerability
Intern Membership Management System is an intern membership management system. The Intern Membership Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the Title parameter in the file /intern/admin/addactivity.php for externally entered SQL...
Itsourcecode Society Management System Code Injection Vulnerability
itsourcecode Society Management System is an open-source social management system developed by itsourcecode. Version 1.0 of the itsourcecode Society Management System has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “Title” in the file...
CVE-2026-1118
A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/addactivity.php. Performing a manipulation of the argument Title results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and m...