EUVD-2022-55986

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...

CVE-2022-50965 uBidAuction 2.0.1 posts manage Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...

EUVD-2026-22708

Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...

Online Fire Reporting System bwdates-report-result.php File SQL Injection Vulnerability

Online Fire Reporting System is an online fire reporting system. Online Fire Reporting System suffers from a SQL injection vulnerability that originates from the lack of validation of the fromdate/todate parameter in the file /admin/bwdates-report-result.php for externally entered SQL statements...