282 matches found
CVE-2025-1806
A vulnerability, which was classified as problematic, has been found in Eastnets PaymentSafe 2.5.26.0. Affected by this issue is some unknown functionality of the file /Default.aspx of the component URL Handler. The manipulation leads to improper authorization. The attack may be launched remotely...
PT-2025-9696 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS version 2025 Description: A problematic issue has been found in the URL Handler component, specifically affecting the /3/ucenter_api/code/register_nodb.php file. The manipulation of the $_SERVER['PHP_SELF'] argument leads to cross-site...
PT-2025-9187 · Eastnets · Eastnets Paymentsafe
Name of the Vulnerable Software and Affected Versions: Eastnets PaymentSafe version 2.5.26.0 Description: A problem has been found in Eastnets PaymentSafe, affecting some unknown functionality of the file /Default.aspx of the component URL Handler. The manipulation leads to improper authorization...
CVE-2025-1074 Webkul QloApps URL mylogout cross-site request forgery
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. Affected is the function logout of the file /en/?mylogout of the component URL Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-1074
Webkul QloApps 1.6.1 is affected by a cross-site request forgery in the URL Handler logout function at /en/?mylogout. The vulnerability stems from the logout endpoint logic, enabling remote CSRF exploitation. Public exploit/disclosures exist and the vendor has been informed and is working on a fi...
Webkul QloApps Security Vulnerability
Webkul QloApps is a hotel reservation management software from Webkul. A security vulnerability exists in Webkul QloApps version 1.6.1, which stems from a cross-site request forgery attack due to a logout feature in the file /en/?mylogout of the component URL Handler...
PT-2025-3950 · Hyland · Alfresco Community Edition +1
Name of the Vulnerable Software and Affected Versions: Hyland Alfresco Community Edition and Alfresco Enterprise Edition versions up to 6.2.2 Description: A problematic vulnerability has been found in the URL Handler component of Hyland Alfresco Community Edition and Alfresco Enterprise Edition...
Hyland Alfresco Platform Code Injection Vulnerability
Hyland Alfresco Platform is an open, modern and secure system from Hyland. Processes and content can be intelligently activated to accelerate business flow. A code injection vulnerability exists in Hyland Alfresco Platform 6.2.2 and prior versions, which originates in the file /share/s/ of the...
PT-2025-23606 · NetGear · Netgear Wnr614
Name of the Vulnerable Software and Affected Versions: Netgear WNR614 version 1.1.0.28 1.0.1WW Description: A critical vulnerability exists in the Netgear WNR614 router, related to bypassing the authentication procedure. Manipulation of the input %00currentsetting.htm appended to a URL leads to...
CVE-2024-10546 open-scratch Teaching 在线教学平台 URL getDictItemsByTable sql injection
A vulnerability classified as critical was found in open-scratch Teaching 在线教学平台 up to 2.7. This vulnerability affects unknown code of the file /api/sys/ng-alain/getDictItemsByTable/ of the component URL Handler. The manipulation leads to sql injection. The attack can be initiated remotely. The...
CVE-2024-10503
A vulnerability was found in Klokan MapTiler tileserver-gl 2.3.1 and classified as problematic. This issue affects some unknown processing of the component URL Handler. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
CVE-2024-10503
CVE-2024-10503 affects Klokan MapTiler tileserver-gl 2.3.1. The vulnerability is in the URL Handler component where manipulation of the key parameter enables cross-site scripting. Exploitation is possible remotely; disclosures exist but details on a fixed version are not provided in the documents...
TileServer GL Cross-Site Scripting Vulnerability
TileServer GL is an open source map server for vector tiles from the MapTiler team. A cross-site scripting vulnerability exists in TileServer GL version 2.3.1; it stems from the key parameter of the URL Handler component, which can lead to cross-site scripting attacks...
CVE-2024-7709
The CVE-2024-7709 affects OcoMon versions 4.0RC1/4.0/5.0RC1, where the URL Handler’s /includes/common/require_access_recovery.php performs an unknown processing that allows cross-site scripting. The public exploit and remote initiation potential are indicated, with upgrading to 4.0.1 or 5.0 addre...
CVE-2024-7709 OcoMon URL require_access_recovery.php cross site scripting
A vulnerability, which was classified as problematic, has been found in OcoMon 4.0RC1/4.0/5.0RC1. This issue affects some unknown processing of the file /includes/common/require_access_recovery.php of the component URL Handler. The manipulation leads to cross site scripting. The attack may be...
External Control Of Filename
phenx/php-svg-lib is vulnerable to External Control of Filename. The vulnerability is due to insecure handling of inline CSS font definitions, allowing an attacker to deserialize a PHAR file through the phar:// URL handler. Note that remote code execution is only possible on PHP versions less the...
Cross site scripting
A vulnerability was found in Project Worlds Visitor Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file dataset.php of the component URL Handler. The manipulation of the argument name with the input "alert'torada' leads to cross site scripting...
CVE-2024-0650
CVE-2024-0650 affects Project Worlds Visitor Management System 1.0, specifically the URL Handler’s dataset.php. The vulnerability is a reflected XSS caused by manipulating the argument name (example input: >""), which can be exploited remotely and has been disclosed publicly. Multiple sources ...
CVE-2024-0415
A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vulnerability is an unknown functionality of the file application/home/controller/TaobaoExport.php of the component Image URL Handler. The manipulation leads to improper access controls. The attack ca...