15 matches found
EUVD-2026-31307
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticketid GET parameters directly into an HTML form action URL. Attackers can...
CVE-2025-14040
The Automotive Car Dealership Business WordPress Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Call to Action' custom fields in all versions up to, and including, 13.4. This is due to insufficient input sanitization and output escaping on user-supplied attributes in th...
CVE-2025-20920
Out-of-bounds read in action link data in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory...
CVE-2024-5024
CVE-2024-5024 concerns the MemberPress WordPress plugin. The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw that can be triggered via the mepr_screenname and mepr_key parameters in pages that trigger user actions. It affects all versions up to and including 1.11.29 (per the initial ...
NeoMind Fusion Platform Cross-Site Scripting Vulnerability
NeoMind Fusion Platform is an artificial intelligence (AI) solution designed to provide intelligent diagnosis, treatment, and assisted decision support in the healthcare field. A cross-site scripting vulnerability exists in NeoMind Fusion Platform, which stems from the parameter link in the file...
SUSE CVE-2020-9359
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document...
Vulnerability in the actionLinkHandler method of Chat, a server-based corporate messaging system that supports file sharing and video conferencing, which allows attackers to expose sensitive information.
A vulnerability in the actionLinkHandler method of Chat, a server-based corporate messaging system that supports file exchange and video conferencing. The vulnerability involves insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to disclose...
PT-2022-4943 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 5; Rocket.Chat versions prior to 4.8.2; Rocket.Chat versions prior to 4.7.5. Description: An information disclosure issue exists due to insufficient input validation in the actionLinkHandler method, allowing Message...
okular: local binary execution via specially crafted PDF files
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document...
DEBIAN-CVE-2020-9359
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document...
CVE-2020-9359
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document...
UBUNTU-CVE-2020-9359
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document...
CVE-2020-9359
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document...
JTBC (PHP) File Deletion Vulnerability
JTBC PHP is an open source content management system (CMS). JTBC PHP version 3.0.1.6 has a file deletion vulnerability: a remote attacker can use the URL /console/file/manage.php?type=action&action=delete&path=c%3A%2F to exploit the vulnerability to delete arbitrary files on the system...
SQL Injection Vulnerability in EML Enterprise Address Book Management System action.link.php file
The EML enterprise customer relationship management system is an intelligent B/S (browser/server) interactive service system based on the open Linux kernel and Apache with PHP and MySQL. A SQL injection vulnerability exists in the action.link.php file of the EML Enterprise Contact Management System. An attacker can exploit this...