149 matches found
CVE-2024-27728
CVE-2024-27728 is a Cross Site Scripting vulnerability affecting Friendica version 2023.12. The issue allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature. Several sources (NVD, Red Hat, OSV, CVE list entries, and PT Security) corroborate this...
PT-2024-38071 · WordPress · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress versions up to, and including, 5.9.27 Description: The issue is related to Stored Cross-Site Scripting via the no more...
CVE-2024-6703
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'description' and 'btntxt' parameters in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output...
PT-2024-37810 · Fluent Forms · Contact Form Plugin By Fluent Forms
Name of the Vulnerable Software and Affected Versions: Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress versions up to, and including, 5.1.19 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input...
CVE-2024-5260
The Sina Extension for Elementor Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘readmoretext’ parameter in all versions up to, and including, 3.5.5 due to insufficient...
PT-2024-36020 · Winnmp · Winnmp
Name of the Vulnerable Software and Affected Versions: WinNMP version 19.02 Description: A vulnerability has been discovered that allows for an XSS attack via the index page, specifically in the from, subject, text, and hash parameters. This could enable a remote user to send a specially crafted...
PT-2024-13448 · Cypress Solutions · Ctm-200
Name of the Vulnerable Software and Affected Versions: Cypress Solutions CTM-200 versions 2.7.1.5600 and below Description: The issue is related to an OS command injection vulnerability. This vulnerability can be exploited via the cli text parameter. Recommendations: For versions 2.7.1.5600 and...
Cypress Solutions CTM-200 Security Vulnerability
The Cypress Solutions CTM-200 is a wireless gateway from Cypress Solutions. A security vulnerability exists in Cypress Solutions CTM-200 v2.7.1.5600 and earlier versions that stems from an operating system command injection vulnerability via the clitext parameter...
PT-2024-1254 · Totolink · Totolink Lr1200Gb
Name of the Vulnerable Software and Affected Versions: Totolink LR1200GB version 9.1.0u.6619 B20230130 Description: A critical issue has been found in the function setSmsCfg of the file /cgi-bin/cstecgi.cgi, which is related to a stack-based buffer overflow due to the manipulation of the text...
PT-2023-32702 · Beijing Baichuo · Beijing Baichuo S210
Name of the Vulnerable Software and Affected Versions: Beijing Baichuo S210 up to 20231121 Description: A critical issue has been found, affecting an unknown part of the file /Tool/repair.php of the component HTTP POST Request Handler. The manipulation of the txt argument leads to SQL injection. ...
phpkobo AjaxNewTicker Cross-Site Scripting Vulnerability
phpkobo AjaxNewTicker is an application from phpkobo Inc. A security vulnerability exists in phpkobo AjaxNewTicker version v.1.0.5, which stems from a cross-site scripting (XSS) vulnerability in the parameter txt of the file index.php...
CVE-2023-36314
There is a Cross Site Scripting (XSS) vulnerability in the value-text-osmsemailrequestmessage parameters of index.php in PHPJabbers Callback Widget v1.0...
phpscriptpoint RecipePoint SQL Injection Vulnerability
RecipePoint is a SaaS multi-vendor recipe platform from the phpscriptpoint team. A SQL injection vulnerability exists in phpscriptpoint RecipePoint version 1.9, which stems from the parameter text/category/type/difficulty/cuisine/cookingmethod in the file /recipe-result that can lead to sql...
CVE-2022-48082
Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnerability via the text parameter at /Services/Misc.asmx/SearchTag...
SQL injection
Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnerability via the text parameter at /Services/Misc.asmx/SearchTag...
Easyone CRM SQL Injection Vulnerability
Easyone CRM is a customer relationship management system from Easyone. Manage your business relationships and access your data, from sales to marketing, wherever you are, directly from your management. A security vulnerability exists in Easyone CRM version v5.50.02, which stems from a SQL injecti...
PT-2023-15095 · Nexusphp · Nexusphp
Name of the Vulnerable Software and Affected Versions: NexusPHP versions prior to 1.7.33 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to reflective cross-site scripting (XSS) attacks. This can be achieved by injecting malicious input int...
Dovgalyuk AIBattle SQL Injection Vulnerability
AIBattle is a platform for creating AI contests by Pavel Dovgalyuk Personal Developer. Dovgalyuk AIBattle suffers from a SQL injection vulnerability that originates in the function sendComments in the file site/procedures.php, where manipulating the text of the parameter results in SQL injection...