463 matches found
PT-2024-16419 · WordPress · Woocommerce Support Ticket System
Name of the Vulnerable Software and Affected Versions: WooCommerce Support Ticket System plugin for WordPress versions up to, and including, 17.7 Description: The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validati...
CVE-2024-7785
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting XSS. This issue affects Electronic Ticket System: before 2024.08...
CVE-2024-7785
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting XSS. This issue affects Electronic Ticket System: before 2024.08...
CVE-2024-7785 Reflected XSS in Ece Software's Electronic Ticket System
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting XSS. This issue affects Electronic Ticket System: before 2024.08...
CVE-2024-7785
CVE-2024-7785 affects Ece Software Electronic Ticket System. The issue is a Reflected XSS caused by improper input neutralization during web page generation, limiting impact to systems before 2024.08. The provided documents do not specify exploitation status, affected versions beyond the stated t...
CVE-2024-7785 Reflected XSS in Ece Software's Electronic Ticket System
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting XSS. This issue affects Electronic Ticket System: before 2024.08...
Ece Electronic Ticket System 跨站脚本漏洞
Ece Electronic Ticket System is an electronic ticket system from Ece Corporation. A cross-site scripting vulnerability exists in the Ece Electronic Ticket System that stems from improper input neutralization during web page generation...
UBUNTU-CVE-2024-43443
Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in Process Management modules of OTRS and OTRS Community Edition allows Cross-Site Scripting XSS within the Process Management targeting other admins. This issue affects: OTRS from 7.0.X through 7.0....
UBUNTU-CVE-2024-43444
Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50 OTRS 8.0.X OTRS 2023.X...
CVE-2024-42765
A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters...
CVE-2024-42766
Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via /deleteTicket.php...
CVE-2024-42766
Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via /deleteTicket.php...
CVE-2024-42765
A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters...
CVE-2024-42764
CVE-2024-42764 affects Kashipara Bus Ticket Reservation System v1.0. The public details show a CSRF vulnerability in /deleteTicket.php that allows forging requests without user interaction, aligning with a network-based attack vector. The CVE metrics describe low confidentiality impact but high i...
CVE-2024-42766
Kashipara Bus Ticket Reservation System v1.0.0 is reported vulnerable to Incorrect Access Control via the /deleteTicket.php endpoint, enabling unauthorized actions such as deleting bookings. The root cause is broken access control; the impact is access/modify/admin actions outside the intended pe...
CVE-2024-42761
A Stored Cross Site Scripting XSS vulnerability was found in "/adminschedule.php" in Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code via scheduleDurationPHP parameter...
PT-2024-30132 · Unknown · Kashipara Bus Ticket Reservation System
Name of the Vulnerable Software and Affected Versions: Kashipara Bus Ticket Reservation System version 1.0 Description: A Stored Cross Site Scripting XSS issue was found in the "/history.php" endpoint, allowing remote attackers to execute arbitrary code via the Name, Phone, and Email parameter...
Ticket Reservation System SQL注入漏洞
Ticket Reservation System is itsourcecode open source ticket reservation system. Ticket Reservation System version 1.0 has a SQL injection vulnerability, the vulnerability stems from the prefSeatid parameter of the listtickets.php file contains a SQL injection vulnerability...
SUSE CVE-2024-23793
The file upload feature in OTRS and OTRS Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl...
UBUNTU-CVE-2024-23793
The file upload feature in OTRS and OTRS Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl...