24 matches found
UBUNTU-CVE-2025-70128
A stored cross-site scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. An attacker can inject arbitrary JavaScript code using...
CVE-2025-70128
Summary: CVE-2025-70128 describes a Stored XSS in PluXml, affecting versions up to 5.8.22, in the article comments feature. Affected component: PluXml core/admin/comments.php. Root cause: User-supplied input in the comment’s link field is not properly sanitized/validated, allowing malicious [remo...
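The PluXml entries above describe a stored XSS through a comment's link field, a value that ends up inside an href attribute. The check such a field needs, as an added example that is not PluXml's code (the function and constant names are hypothetical): HTML-escaping alone is not enough for an attribute that becomes a URL, because `javascript:` and `data:` URLs contain no HTML metacharacters and survive escaping, so the scheme is allowlisted first and the escaped value is emitted only after that.

```python
import html
from typing import Optional
from urllib.parse import urlsplit

# Added example, not PluXml's code. Function and constant names are hypothetical.
ALLOWED_SCHEMES = {"http", "https"}
MAX_LINK_LENGTH = 2048


def safe_comment_link(raw: Optional[str]) -> Optional[str]:
    """Return the submitted link if it is an absolute http(s) URL, otherwise None.

    Escaping alone does not make a value safe inside href: javascript: and data:
    URLs contain no HTML metacharacters, so the scheme has to be allowlisted.
    """
    if not raw:
        return None
    candidate = raw.strip()
    if len(candidate) > MAX_LINK_LENGTH:
        return None
    # Embedded whitespace or control characters (e.g. "java\tscript:") are
    # tolerated by browsers and some URL parsers; refuse them outright.
    if any(ord(c) < 0x21 for c in candidate):
        return None
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return candidate


def render_author_link(author: str, raw_link: Optional[str]) -> str:
    """Render the author cell of an admin comment listing (hypothetical markup).

    Every dynamic value is escaped for the HTML context it is written into, and
    the link is only emitted after it has passed safe_comment_link.
    """
    name = html.escape(author, quote=True)
    link = safe_comment_link(raw_link)
    if link is None:
        return name
    return (
        f'<a href="{html.escape(link, quote=True)}" rel="nofollow noopener">'
        f"{name}</a>"
    )
```

The two checks are deliberately separate: `safe_comment_link` decides whether a value may be a link at all (scheme and host), `html.escape` protects the attribute and text contexts it is written into. Dropping either one reopens the hole, with a `javascript:` URL on one side and a `">` attribute break-out on the other.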
EUVD-2018-18939
Malware in sbrugna...
EUVD-2025-25204
Malicious code in bioql PyPI...
CVE-2025-10811
A flaw has been found in code-projects Hostel Management System 1.0. This affects an unknown function of the file /justines/admin/modcomments/index.php?view=view. Manipulating the argument ID can lead to SQL injection. The attack may be performed remotely. The exploit has been...
CVE-2025-10811
CVE-2025-10811 concerns code-projects Hostel Management System 1.0. The vulnerability is a SQL injection in the parameter ID of the file /justines/admin/mod_comments/index.php?view=view, caused by lack of input validation. Attacks could be executed remotely and data theft is possible; exploitatio...
PT-2025-39064
Name of the Vulnerable Software and Affected Versions: code-projects Hostel Management System version 1.0. Description: A flaw exists in code-projects Hostel Management System 1.0 that allows for SQL injection. Manipulation of the ID argument in the file '/justines/admin/mod...
CVE-2025-55734
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when a user is trying to access the admin page,...
CVE-2025-55734 flaskBlog Authorization Bypass
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when a user is trying to access the admin page,...
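The gap described in the flaskBlog entries (a role check on the /admin view itself, with the routes under it left unchecked) is a general pattern, and the fix is a check that is enforced per URL prefix rather than per view. The following is an added illustration, not flaskBlog's code: it uses a plain-Python dispatcher in WSGI style rather than Flask so that it runs without dependencies, and the route names, the `app.role` environ key (standing in for a session's userRole) and the helper names are all constructed for the example.

```python
from functools import wraps
from typing import Callable, Dict, Optional, Tuple

# Added example, not flaskBlog's code. Route names, the "app.role" environ key
# (standing in for a session's userRole) and helper names are constructed.
Response = Tuple[str, str]            # (HTTP status line, body)
Handler = Callable[[dict], Response]


def require_role(role: str) -> Callable[[Handler], Handler]:
    """Per-view check: the pattern the flaskBlog entry describes for /admin only."""
    def decorate(fn: Handler) -> Handler:
        @wraps(fn)
        def guarded(environ: dict) -> Response:
            if environ.get("app.role") != role:
                return ("403 Forbidden", f"{role} only")
            return fn(environ)
        guarded.required_role = role      # marker used by the audit below
        return guarded
    return decorate


def home(environ: dict) -> Response:
    return ("200 OK", "home")


@require_role("admin")
def admin_index(environ: dict) -> Response:
    return ("200 OK", "admin index")


def admin_users(environ: dict) -> Response:      # subroute with no check of its own
    return ("200 OK", "user list")


def admin_posts(environ: dict) -> Response:      # another unguarded subroute
    return ("200 OK", "post management")


ROUTES: Dict[str, Handler] = {
    "/": home,
    "/admin": admin_index,
    "/admin/users": admin_users,
    "/admin/posts": admin_posts,
}


def _under(path: str, prefix: str) -> bool:
    """Segment-aware prefix match: /admin/users is under /admin, /administrator is not."""
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")


def dispatch(routes: Dict[str, Handler], environ: dict,
             prefix_roles: Optional[Dict[str, str]] = None) -> Response:
    """Route one request.

    prefix_roles is the fix: a role requirement enforced for every path under a
    prefix, independent of what each individual view remembers to do. In Flask
    the equivalent is a before_request hook registered on the admin blueprint.
    """
    path = environ.get("PATH_INFO", "/")
    for prefix, role in (prefix_roles or {}).items():
        if _under(path, prefix) and environ.get("app.role") != role:
            return ("403 Forbidden", f"{role} only")
    handler = routes.get(path)
    if handler is None:
        return ("404 Not Found", "no such page")
    return handler(environ)


def unguarded_routes(routes: Dict[str, Handler], prefix: str = "/admin") -> list:
    """Audit: routes under prefix whose handler carries no require_role marker."""
    return sorted(path for path, handler in routes.items()
                  if _under(path, prefix)
                  and getattr(handler, "required_role", None) is None)
```

With `prefix_roles` omitted, `dispatch` reproduces the reported behaviour: `/admin` returns 403 for a non-admin while `/admin/users` returns 200. With `{"/admin": "admin"}` every path under the prefix is denied before a handler is even looked up. `unguarded_routes` is the kind of check worth running at startup or in a test, so a new subroute added without the decorator fails a test instead of shipping.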
Aplaya Beach Resort Online Reservation System Security Vulnerability
Aplaya Beach Resort Online Reservation System is the online room reservation system for Aplaya Beach Resort. A security vulnerability exists in SourceCodester Aplaya Beach Resort Online Reservation System version 1.0, which originates from an SQL injection in the id parameter of the...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. The Shield Security plugin for WordPress, version 13.0.6, has a cross-site scripting vulnerability, whic...
PHP-Fusion SQL Injection Vulnerability (CNVD-2020-52839)
PHP-Fusion is an open source, lightweight content management system based on MySQL and PHP, from the Malaysian company PHP-Fusion. The system contains modules such as news, articles and forums. A SQL injection vulnerability exists in the administration/comments.php endpoint in PHP-Fusion version 9.03.50. Th...
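Several entries in this list (the code-projects Hostel Management System reports CVE-2025-10811 and PT-2025-39064, the Aplaya Beach Resort reservation system, and the PHP-Fusion administration/comments.php entry) are the same bug: an id-style request parameter spliced into SQL text. The products are PHP, but the added example below uses Python's sqlite3 so it runs stand-alone; it is not code from any of those products, the table and rows are constructed, and the function names are hypothetical. It shows what "manipulation of the argument ID" buys an attacker against the spliced query, and why an integer check plus a bound parameter closes it.

```python
import sqlite3
from typing import List, Tuple

# Added example, not code from any product in this listing. Table and rows are constructed.


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO comments VALUES (?, ?, ?)",
        [(1, "alice", "first"), (2, "bob", "second"), (3, "carol", "third")],
    )
    return conn


def fetch_comment_vulnerable(conn: sqlite3.Connection, raw_id: str) -> List[Tuple]:
    """Deliberately vulnerable: the request parameter is spliced into the SQL text,
    so everything after the number is parsed and executed as SQL."""
    sql = "SELECT id, author, body FROM comments WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


def fetch_comment_safe(conn: sqlite3.Connection, raw_id: str) -> List[Tuple]:
    """Type-check, then bind: the value reaches the engine as data, never as SQL."""
    try:
        comment_id = int(raw_id)
    except (TypeError, ValueError):
        return []
    return conn.execute(
        "SELECT id, author, body FROM comments WHERE id = ?", (comment_id,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Boolean tautology: returns every row instead of one.
    print(fetch_comment_vulnerable(db, "1 OR 1=1"))
    # UNION: reads the schema catalogue through the comment endpoint (the data theft
    # the advisories mention); the same shape reaches any other table.
    print(fetch_comment_vulnerable(db, "0 UNION SELECT 0, name, sql FROM sqlite_master"))
    # The bound version refuses the payload before it reaches the engine.
    print(fetch_comment_safe(db, "1 OR 1=1"))
```

The integer conversion is not the defence on its own (a string column would still need binding); the bound parameter is. Validating the type first just turns a malformed id into a clean "not found" instead of an engine error that leaks query structure.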
CVE-2020-10474
Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...
CVE-2020-10461
The way comments submitted through article.php are handled by the vulnerable function in include/functions-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to execute stored blind XSS, injecting arbitrary web script or HTML into admin/manage-comments.php via the GET parameter cmt...
Dotclear cross-site scripting vulnerability (CNVD-2017-01936)
Dotclear is free blog publishing software based on PHP and MySQL, developed by software developer Olivier Meunier. A cross-site scripting vulnerability exists in the admin/comments.php file in versions of Dotclear prior to 2.8.2. This vulnerability can be exploited by a remote attacker to injec...
CVE-2015-8831
Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment...
CVE-2011-4958
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2)...