17 matches found
EUVD-2025-29088
Malicious code in bioql PyPI...
CVE-2025-10331 cdevroe unmark Marks.php cross site scripting
A vulnerability has been found in cdevroe unmark up to 1.9.3. This issue affects some unknown processing of the file /application/controllers/Marks.php. Such manipulation of the argument Title leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to th...
CVE-2025-9432 mtons mblog Admin Panel list cross site scripting
A vulnerability has been found in mtons mblog up to 3.5.0. The affected element is an unknown function of the file /admin/post/list of the component Admin Panel. Such manipulation of the argument Title leads to cross site scripting. The attack can be launched remotely. The exploit has been...
CVE-2025-9138
A vulnerability was found in Scada-LTS 2.7.8.1. Affected is an unknown function of the file pointHierarchy/new/. Performing manipulation of the argument Title results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Th...
PT-2025-17985 · Withstars · Books-Management-System
Name of the Vulnerable Software and Affected Versions: withstars Books-Management-System version 1.0 Description: A vulnerability has been found in withstars Books-Management-System. This affects an unknown part of the file "/admin/article/add/do". The manipulation of the argument Title leads to...
Cross-site Scripting (XSS)
Overview: concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the manipulation of the Title argument. Details: Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious...
CVE-2023-1111
FastCMS up to 0.1.5 is affected. The issue exists in the New Article Tab functionality where manipulating the Title argument triggers cross-site scripting. The attack can be performed remotely, and public exploits have been disclosed. No remediation details are provided in the referenced documents.
PT-2024-25760 · Unknown · Sourcecodester Online Courseware
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Courseware version 1.0 Description: A critical issue has been found in the software. The problem is related to an unknown function in the file admin/listscore.php, where the manipulation of the title argument leads to SQ...
CVE-2024-2274 Bdtask G-Prescription Gynaecology & OBS Consultation Software Prescription Dashboard Index cross site scripting
A vulnerability, which was classified as problematic, has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. This issue affects some unknown processing of the file /Home/Index of the component Prescription Dashboard. The manipulation of the argument Title leads to...
PT-2024-18274 · Unknown · Bdtask Bhojon Best Restaurant Management
Name of the Vulnerable Software and Affected Versions: Bdtask Bhojon Best Restaurant Management Software version 2.9 Description: A problematic issue has been found in the software, affecting the processing of the file /dashboard/message of the component Message Page. The manipulation of the...
PT-2023-25571 · Gz Scripts · Gz Scripts Vacation Rental Website
Name of the Vulnerable Software and Affected Versions: GZ Scripts Vacation Rental Website version 1.8 Description: A vulnerability was found in the HTTP POST Request Handler component, affecting some unknown functionality of the file /VacationRentalWebsite/property/8/ad-has-principes/. The...
PT-2023-16917 · Hsycms · Hsycms
Name of the Vulnerable Software and Affected Versions: Hsycms version 3.1 Description: A problematic issue has been found in the file controllercate.php of the component Add Category Module. The manipulation of the title argument leads to cross site scripting. The attack may be launched remotely...
PT-2023-10136 · Unknown · Emmflo Yuko-Bot
Name of the Vulnerable Software and Affected Versions: emmflo yuko-bot affected versions not specified Description: A vulnerability was found in emmflo yuko-bot, declared as problematic. The manipulation of the title argument leads to denial of service. The attack can be initiated remotely...
PT-2022-28050 · Unknown · Venganzas Del Pasado
Name of the Vulnerable Software and Affected Versions: Venganzas del Pasado affected versions not specified Description: A vulnerability was found in Venganzas del Pasado and classified as problematic. The manipulation of the title argument leads to cross site scripting. The attack may be...
CVE-2022-4596
Shoplazza 1.1 contains a cross-site scripting vulnerability in the Add Blog Post Handler. The issue arises from manipulating the Title argument for the endpoint /admin/api/admin/articles/, which can be exploited remotely and has public PoC material. Public advisories in multiple sources confirm t...
Phishing Attacks
Firefox is vulnerable to phishing attacks. The vulnerability exists as the API accepts a title argument after registering a new protocol handler...
CVE-2018-12399
When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox 63...