93 matches found
CVE-2024-4651
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/studentattendancehistory1.php. The manipulation of the argument year leads to cross site scripting. The...
Complete Web-Based School Management System 跨站脚本漏洞
Campcodes Complete Web-Based School Management System is a web-based school management system from Campcodes, Inc. A cross-site scripting vulnerability exists in version 1.0 of the Complete Web-Based School Management System, which stems from a cross-site scripting vulnerability in the year...
CVE-2024-4523
A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. Affected by this issue is some unknown functionality of the file /view/teacherattendancehistory1.php. The manipulation of the argument year leads to cross site...
Campcodes Complete Web-Based School Management System 跨站脚本漏洞
Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A cross-site scripting vulnerability exists in version 1.0 of the Campcodes Complete Web-Based School Management System, which stems from a cross-site scripting vulnerability in the...
PT-2024-31488 · Campcodes · Campcodes Complete Web-Based School Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0 Description: A problematic issue has been found in the system, affecting some unknown functionality of the file /view/teacher attendance history1.php. The manipulation of the...
Tenda 4G300 安全漏洞
The Tenda 4G300 is a portable wireless router aimed at users who need mobile Internet access scenarios. The Tenda 4G300 suffers from a buffer overflow vulnerability that stems from incorrect manipulation of the parameters year/month/day/hour/minute/second, for which no detailed vulnerability...
PT-2024-6872 · Za Internet · Za-Internet C-Mor Video Surveillance
Name of the Vulnerable Software and Affected Versions: za-internet C-MOR Video Surveillance versions 5.2401 through 6.00PL01 Description: An issue was discovered due to insufficient input validation, making the C-MOR web interface vulnerable to OS command injection attacks. The vulnerability can ...
SUSE CVE-2006-3682
awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the 1 year, 2 pluginmode or 3 month parameters...
CVE-2022-28025
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=schoolyear...
Knowage SQL注入漏洞
Knowage is a suite of open source tools for modern business analytics. A SQL injection vulnerability exists in the documentexecution/url analysis driver component of Knowage prior to version 7.4 when running reports. An attacker can exploit this vulnerability to execute arbitrary SQL commands on ...
EPrints 安全漏洞
EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. EPrints 3.4.2 suffers from a command injection vulnerability. A remote attacker can exploit this vulnerability by entering specially crafted data into cgi/cal?year= URI to...
EPrints 跨站脚本漏洞
EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. A reflected cross-site scripting vulnerability exists in the year parameter of the cgi/cal URI in EPrints 3.4.2. No detailed vulnerability details are provided at this time...
CVE-2016-10992
The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports fromyear parameter...
WordPress Spiffy Calendar Plugin Cross-Site Scripting Vulnerability
WordPress is a suite of blogging platforms developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers running PHP and MySQL.Spiffy Calendar plugin is a plugin for managing and displaying user event and appointment information. A...
CVE-2017-9420
Cross site scripting XSS vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter...
CVE-2017-8789
An issue was discovered on Accellion FTA devices before FTA912180. A reporterror.php?year='payload SQL injection vector exists...
Command Execution Vulnerability in Call Center System Year Parameter of Tibus Communications
The core of Tibco's call center system is a communication-based system for internal and external corporate communication. A command execution vulnerability exists in the year parameter of the Setset Time Communication Call Center System. The vulnerability file: /sysmaint/settime.php allows...
Jigowatt PHP Event Calendar "year" SQL注入漏洞
Jigowatt PHP Event Calendar是一款日历WEB应用程序。 Jigowatt PHP Event Calendar calendar/dayview.php不正确过滤"year"参数数据,允许远程攻击者利用漏洞提交特制的SQL查询,操作或获取数据库数据。 0 Jigowatt PHP Event Calendar 2.x 目前没有详细解决方案: http://codecanyon.net/item/php-event-calendar/47723...
PT-2014-4252 · Drupal · Drupal
Name of the Vulnerable Software and Affected Versions: Drupal versions 7.14 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the year parameter to the "eventcalander/" endpoint. This issue has been disputed by the Drupal Security Tea...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to inject arbitrary web script or HTML via the 1 year and 2 mday parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...