Progress Flowmon 跨站脚本漏洞

Progress Flowmon is a real-time network traffic monitoring tool developed by Progress Corporation. Versions of Progress Flowmon prior to 12.5.8 and 13.0.6 contained a cross-site scripting vulnerability. This vulnerability could lead to unexpected operations when administrators clicked on maliciou...

CVE-2026-21664

HackerOne community member Huynh Pham Thanh Luc nigh7c0r3 has reported a reflected XSS vulnerability in the afr.php delivery script of Revive Adserver. An attacker can craft a specific URL that includes an HTML payload in a parameter. If a logged in administrator visits the URL, the HTML is sent ...

CVE-2024-58305

WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an...

EUVD-2018-10437

Malware in sbrugna...

EUVD-2022-29484

Malicious code in bioql PyPI...

CVE-2025-7686

The weichuncaiWP伪春菜 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the sm-options.php page. This makes it possible for unauthenticated attackers to update settings and inject...

CVE-2022-24604

Luocms v2.0 is affected by SQL Injection in /admin/link/linkmod.php...

CVE-2022-24605

Luocms v2.0 is affected by SQL Injection in /admin/link/linkok.php...

MRCMS 代码注入漏洞

MRCMS is a content management system by the individual developer of marker. A code injection vulnerability exists in MRCMS version 3.1.2, which stems from improper manipulation of the file /admin/link/edit.do in the component External Link Management Page, which could lead to a cross-site scripti...

SeaCMS 注入漏洞

SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. An injection vulnerability exists in SeaCMS 13.3 and earlier versions, which stems from an SQL injection due to the operation of the...

CVE-2025-3592

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/v1/link/edit. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

My-Blog-layui 代码注入漏洞

My-Blog-layui is a blog system by ZHENFENG13 individual developer. A code injection vulnerability exists in My-Blog-layui version 1.0, which originates from a cross-site scripting issue in the file /admin/v1/link/edit...

emlog 代码注入漏洞

emlog is emlog personal developer of a PHP and MySQL based CMS site building system. Code injection vulnerability exists in emlog Pro 2.4.1 and earlier versions, which originates from cross-site scripting attacks due to manipulation of the siteurl/icon parameter in the /admin/link.php file...

PT-2024-17765 · Emlog Pro · Emlog Pro

Name of the Vulnerable Software and Affected Versions: Emlog Pro versions up to 2.4.1 Description: A problematic issue has been found in Emlog Pro, affecting some unknown functionality of the file /admin/link.php. The manipulation of the siteurl/icon argument leads to cross site scripting. The...

idcCMS Security Breach

Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Agent System is a cloud management agent system from China's Net Titanium Technology Net Titanium Technology. A security vulnerability exists in idcCMS v1.35, which originates from /admin/ipRecorddeal.php?mudi=del&dataType=&dataID=1...

PT-2023-31189 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: JFinalCMS version 5.0.0 Description: A Cross-Site Request Forgery CSRF issue was discovered in JFinalCMS. The vulnerability can be exploited via the "/admin/friend link/update" API endpoint. Recommendations: For JFinalCMS version 5.0.0, as a...

Project Worlds Online Examination System 跨站请求伪造漏洞

Project Worlds Online Examination System is an online examination system Project Worlds Online Examination System version 1.0 suffers from a cross-site request forgery vulnerability that originates from an attacker being able to craft a malicious link that, when clicked by an administrator user,...

CVE-2022-24605

Luocms v2.0 is affected by SQL Injection in /admin/link/linkok.php...

CVE-2022-24605

Luocms v2.0 is affected by SQL Injection in /admin/link/linkok.php...

CVE-2022-24604

Luocms v2.0 is affected by SQL Injection in /admin/link/linkmod.php...