15 matches found
CVE-2026-48228 Open ISES Tickets < 3.44.2 Reflected XSS via patient_w.php id and ticket_id Parameters
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_w.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticket_id GET parameters directly into an HTML form action URL. Attackers ca...
Directory Traversal
Overview: Affected versions of this package are vulnerable to Directory Traversal in the integration action URL process. An attacker can execute arbitrary API calls with system administrator privileges by exploiting path traversal in the integration action URL when authenticated with a...
PT-2026-42505
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticket_id GET parameters directly into an HTML form action URL. Attackers ca...
PT-2026-42506
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in patient_w.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the id and ticket_id GET parameters directly into an HTML form action URL. Attackers...
ZITADEL Code Issue Vulnerability
ZITADEL is a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, developed by ZITADEL in Switzerland for the era of containers and serverless architectures. Versions of ZITADEL prior to 4.11.1 contained code vulnerabilities that could lead to server-side request...
EmbedPress < 3.9.2 - Reflected XSS
Description: The plugin does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make a logged in admin open a page containing the HTML code below " / " /...
SUSE CVE-2006-6077
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a...
Cherwell Service Management Input Validation Error Vulnerability
Cherwell Service Management is flexible, feature-rich ITSM software that is easy to use, configure and maintain. An input validation error vulnerability exists in Cherwell Service Management because the product does not validate special characters in data corresponding to the RelayState parameter...
in opensourcepos/opensourcepos
✍️ Description The giftcards/view/ POST request can be hijacked so that the information will be sent to another page, by modifying the login page URL. 🕵️♂️ Proof of Concept Change the login page URL to https://mydomain.com/giftcards/view/anotherpagehere Then the form action in the webpage will be...
Simple Social Buttons < 3.2.0 - Reflected Cross-Site Scripting
Simple Social Buttons version 3.1.1 has a reflected Cross-Site Scripting vulnerability in the POST parameter "sharecounts". Both unauthenticated and authenticated attacks are possible. Edit (WPScanTeam): The original report stated the issue as being fixed in 3.2.0, however a CSRF nonce has been added...
ChromePass - Chrome Browser Password Recovery Tool
ChromePass is a small password recovery tool that allows you to view the user names and passwords stored by Google Chrome Web browser. For each password entry, the following information is displayed: Origin URL, Action URL, User Name Field, Password Field, User Name, Password, and Created Time. Y...
DigitalHive <= 2.0 RC2 (user_id) Remote SQL Injection Exploit
No description provided by source. !-- Hive v2.0 RC2 Remote SQL Injection c0ded by j0j0 -- html head style type=text/css body margin:3%; font-size:10px; color:FFFFFF; font-family:Verdana,Arial; background-color:1a1a1a; text-align: center; input background:303030; color:FFFFFF;...
security flaw
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a...
CVE-2006-6077
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a...
CVE-2006-6077
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a...