169 matches found
CVE-2023-26813
SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do...
SourceCodester Stock Management System 安全漏洞
SourceCodester Stock Management System is an open source inventory management system from SourceCodester. A security vulnerability exists in SourceCodester Stock Management System version 1.0, which originates from SQL injection due to incorrect manipulation of the parameter ID in the file...
WordPress Recently Purchased Products For Woo plugin <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via view Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via view Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Recently Purchased Products For Woo versions = 1.1.3...
CVE-2024-26157
All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 are vulnerable to reflected cross site scripting XSS attacks in get view method under view parameter. The ETIC RAS web server uses dynamic pages that get their input from the client side and reflect the input in their response t...
ETIC Telecom Remote Access Server 跨站脚本漏洞
ETIC Telecom Remote Access Server is a remote maintenance solution from the French company ETIC Telecom. It is designed to enable manufacturers to remotely maintain automated equipment. A cross-site scripting vulnerability exists in ETIC Telecom Remote Access Server versions prior to 4.5.0, which...
CVE-2024-10338
A vulnerability classified as critical was found in SourceCodeHero Clothes Recommendation System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/home.php. The manipulation of the argument view/view1 leads to sql injection. The attack can be launched remotely. Th...
i-doit 跨站脚本漏洞
i-doit is a configuration management database software from i-doit Inc. A cross-site scripting vulnerability exists in i-doit pro that stems from a lack of proper cleanup of the id, lang, mNavID, name, pID, treeNode, type, and view parameters...
CVE-2024-44797
A cross-site scripting XSS vulnerability in the component /managers/enablerequests.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the view parameter...
Gazelle 安全漏洞
Gazelle is a web framework for private BitTorrent trackers from the individual developers at WhatCD. Gazelle has a security vulnerability that stems from a cross-site scripting vulnerability in the view parameter of the /managers/enablerequests.php file...
CVE-2024-33993
Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in /candidate/index.php'...
CVE-2024-33994
Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in '/event/index.php'...
CVE-2024-33992
Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/student/index.php'...
CVE-2024-33991
Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/eventwinner/index.php'...
CVE-2024-33991
Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/eventwinner/index.php'...
CVE-2024-33986
Cross-Site Scripting XSS vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in...
CVE-2024-33986
Cross-Site Scripting XSS vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in...
CVE-2024-33985
Cross-Site Scripting XSS vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/course/index.php...
CVE-2024-33994
The CVE-2024-33994 describes a Cross-Site Scripting (XSS) vulnerability in School Event Management System version 1.0. The issue is triggered by crafting a URL that targets the view parameter in /event/index.php, enabling an attacker to obtain a victim’s session details. The NVD entry lists the a...
CVE-2024-33993 Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System
Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in /candidate/index.php'...
CVE-2024-33993 Cross-Site Scripting (XSS) vulnerability in Janobe School Event Management System
Cross-Site Scripting XSS vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in /candidate/index.php'...