Lucene search
K

7 matches found

NVD
NVD
added 5 hours ago4 views

CVE-2026-34111

Guardian language-system passes the id GET parameter directly into a PHP exec call in speechmactext.php line 18 without sanitization: exec"php jobs/speechaudiomactext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS
Exploits0References2
NVD
NVD
added 5 hours ago5 views

CVE-2026-34097

Guardian language-system fails to sanitize the id GET parameter before inserting it into multiple HTML form action attributes in textfile.php lines 94, 101, 323, 403, 826, 852. An authenticated attacker can craft a URL that injects script tags executing in the victim's browser session...

4.8CVSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 6:0 a.m.11 views

EUVD-2026-32097

The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpresscustomizernotifydismissaction AJAX handler before outputting it back in the response, allowing unauthenticated attackers to perform Reflected Cross-Site Scripting attacks against logged-in...

7.1CVSS5.8AI score0.00164EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.13 views

PT-2026-42249

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single unit.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id GET parameter directly into an HTML attribute. Attackers can craft a malicio...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 p.m.5 views

CVE-2022-0189

The WP RSS Aggregator WordPress plugin before 4.20 does not sanitise and escape the id parameter in the wprssfetchitemsrowaction AJAX action before outputting it back in the response, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.5AI score0.02228EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.3 views

Campcodes Online Traffic Offense Management System 跨站脚本漏洞

Campcodes Online Traffic Offense Management System is a web-based traffic offense management system. A cross-site scripting vulnerability exists in Campcodes Online Traffic Offense Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the...

6.1CVSS6.2AI score0.00572EPSS
Exploits1References4
Prion
Prion
added 2021/09/20 10:15 a.m.14 views

Sql injection

The Edit Role functionality in the Display Users WordPress plugin through 2.0.0 had an id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection...

6.5CVSS7.3AI score0.01467EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder