15 matches found
CVE-2026-48213
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid POST parameter directly into an HTML form input value attribute. Attackers can...
tickets Cross-Site Scripting Vulnerability
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the direct insertion of the ticketid POST parameter into HTML form input fields...
CVE-2026-4632
A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to SQL injection. The attack may be performed fr...
EUVD-2019-8023
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2024-48706
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Collabtive 3.1 is vulnerable to Cross-site scripting (XSS) via the title parameter with action=add or action=editform within the (a) managemessage.php file and (b)...
CVE-2024-12112
The Easy Form Builder – WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'addformEmsfb' AJAX action in all versions up to, and including, 3.8.8 due to...
Form Tools Security Vulnerability
Form Tools is an open source code base for Form Tools scripts, modules, themes and APIs. A security vulnerability exists in Form Tools version 3.1.1 that originates from allowing an attacker to run arbitrary commands through the Group Name field under the Add Form section of the application...
Desdev DedeCMS Cross-Site Request Forgery Vulnerability
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system (CMS) of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A cross-site request forgery...
flusity CMS Security Vulnerability
flusity CMS is a user interactive interface solution where code can be easily changed or added. A security vulnerability exists in Flusity CMS, which stems from the parameter menuid in the loadPostAddForm function of core/tools/posts.php that can lead to cross-site scripting...
CVE-2022-25394
Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php...
Liferay Portal Security Vulnerability
Liferay Portal is a J2EE-based portal solution from Liferay, Inc. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, and so on. A security vulnerability exists in Liferay Portal...
CVE-2021-39353
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajaxaddform function found in the /includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including...
CVE-2019-18223
ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the (1) User Edit or (2) User Add form, (3) name field in the Role Add form, (4) name or number field in the Edit Group form, (5) tagKey or tagValue field in the Recording Rul...
CVE-2018-16349
WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add formremark parameter...
Design/Logic Flaw
WUZHI CMS 4.1.0 has XSS via the index.php?m=link&f=index&v=add formremark parameter...