14 matches found
CVE-2026-34728
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index method handles file deletion for the media browser. When the fileRemove action is triggered, the user-supplied name parameter is concatenated with the base upload directory path without any...
CVE-2025-34260 Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via action/schedule
Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/schedule endpoint. When an authenticated user adds a schedule to an existing task, the schedule name is stored and later rendered in schedule listings without HTML...
LiveHelperChat 4.6.1 Cross Site Scripting
LiveHelperChat versions 4.61 and below suffer from multiple persistent cross site scripting vulnerabilities. Exploit Title: LiveHelperChat Live Help Configuration Telegram Bot. 3. In the Bot Username field, enter the following payload: " 4. Save the settings. 5. Revisit the Telegram configuration...
WeGIA Cross-Site Scripting Vulnerability (CNVD-2025-17297)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the file /html/matPat/adicionartipoSaida.php. No details of the vulnerability are provided at this time...
PLANET switch devices Cross-Site Request Forgery Vulnerability
PLANET switch devices are a series of switch devices from PLANET Corporation in China. The PLANET switch devices suffer from a cross-site request forgery vulnerability, which arises from the vulnerability of a web application to a cross-site request forgery attack, where an attacker can trick a...
Sourcecodester Pisay Online E-Learning System SQL Injection Vulnerability
Sourcecodester Pisay Online E-Learning System is an online e-learning system based on PHP and MySQL. Sourcecodester Pisay Online E-Learning System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in a database-based...
WordPress WP Lead Plus X Cross-Site Scripting Vulnerability (CNVD-2020-22307)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WP Lead Plus X is a page builder that supports building login and other pages. A cross-site scripting vulnerability exists i...
Fortinet FortiADC Cross-Site Scripting Vulnerability
Fortinet FortiADC is an application delivery controller. A cross-site scripting vulnerability exists in Fortinet FortiADC 5.3.3 and earlier versions. The vulnerability stems from the lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability t...
Chadha PHPKB Standard Multi-Language Cross-Site Request Forgery Vulnerability
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site request forgery vulnerability exists in Chadha PHPKB Standard Multi-Language. The vulnerability stems from a web...
Chadha Software Technologies PHPKB Standard Multi-Language Cross-Site Request Forgery Vulnerability (CNVD-2020-17147)
Chadha Software Technologies PHPKB Standard Multi-Language is a web-based, multi-language knowledge base management system from Chadha Software Technologies, India. A cross-site request forgery vulnerability exists in Chadha Software Technologies PHPKB Standard Multi-Language. The vulnerability...
Dairy Farm Shop Management System Cross-Site Scripting Vulnerability
Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. A cross-site scripting vulnerability exists in Dairy Farm Shop Management System version 1.0. The vulnerability stems from a lack of proper validation of client-side data in the web application. An attacker...
IceWarp Mail Server Cross-Site Scripting Vulnerability (CNVD-2019-36906)
IceWarp Mail Server is a mail server product from IceWarp USA. The product supports e-mail archiving, SmartAttach attachments, automatic migration, etc. IceWarp Webclient is a Web-based IceWarp client program. A cross-site scripting vulnerability exists in IceWarp Webclient versions prior to...
CVE-2019-3410
All versions up to UKBBWF820+1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-Site Request Forgery vulnerability, which stems from the fact that WEB applications do not adequately verify whether requests come from trusted users. An attacker can exploit this vulnerability to sen...
CVE-2018-5303
An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The license key parameter of the web application is vulnerable to Cross Site Scripting; this vulnerability allows an attacker to send malicious code to another user...