tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the failure to clean the frmaddstr POST parameter in ics205a.php, allowing for th...

SourceCodester Engineers Online Portal 安全漏洞

SourceCodester Engineers Online Portal is an online portal for engineers, developed by SourceCodester as open source. Version 1.0 of the SourceCodester Engineers Online Portal contains a security vulnerability. This vulnerability stems from the newpassword parameter in the updatepassword.php file...

SourceCodester Sales and Inventory System 安全漏洞

The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a security vulnerability. This vulnerability stems from improper cleaning of the parameter limit...

COMFAST CF-XR11 安全漏洞

COMFAST CF-XR11 is a wireless router from China Four Seas Zonglian COMFAST. A security vulnerability exists in COMFAST CF-XR11 version V2.7.2, which stems from an uncleaned phyinterface parameter in the multipppoe API, which could lead to a command injection attack...

eScan Web Management Console 安全漏洞

eScan Web Management Console is a control panel software from eScan India. A security vulnerability exists in eScan Web Management Console version 5.5-2 that stems from the pass parameter not being properly cleaned, which could lead to command injection and remote code execution...

Password Pusher 跨站脚本漏洞

Password Pusher is an open source application by Peter Giacomo Lombardo, an individual developer, that is used to pass sensitive information over the Web. Password Pusher suffers from a cross-site scripting vulnerability that stems from an uncleaned parameter. An attacker exploiting this...

Cacti 跨站脚本漏洞

Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A cross-site scripting vulnerability exists in Cacti version 1.2.27, whic...

WordPress Plugin WooCommerce Customers Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress plugin WP-PostRatings security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. The WordPress plugin WP-PostRatings...

OpenNMS Horizon Cross-Site Scripting Vulnerability

OpenNMS Horizon is an open source solution from OpenNMS, Inc. that helps you visualize and monitor everything on your local and remote networks. A security vulnerability exists in OpenNMS Horizon versions 31.0.8 through 32.0.2 that stems from a parameter not being cleaned...