81 matches found
CVE-2025-65136
Summary: CVE-2025-65136 affects the Manikandan580 School-management-system 1.0. The vulnerability is a reflected XSS in the admin-facing page /studentms/admin/contact-us.php, exploitable via the pagedes POST parameter. The accompanying data from multiple sources (NVD, EUVD-ENISA, CVE lists, and v...
CVE-2016-10763
The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body...
CVE-2020-10431
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-templates.php by adding a question mark (?) followed by the payload...
EUVD-2020-2845
Malware in sbrugna...
EUVD-2009-2141
Malware in sbrugna...
EUVD-2020-13385
Malware in sbrugna...
EUVD-2006-4744
Malware in sbrugna...
EUVD-2008-2175
Malware in sbrugna...
EUVD-2017-9124
Malware in sbrugna...
EUVD-2016-1757
Malware in sbrugna...
EUVD-2022-33995
Malicious code in bioql PyPI...
PT-2023-11498 · Unknown · Chaoji Cms
Name of the Vulnerable Software and Affected Versions: Chaoji CMS version 2.18. Description: A stored cross-site scripting (XSS) issue in the /index.php?admin-master-article-edit endpoint of Chaoji CMS allows attackers to obtain administrator privileges. Recommendations: For Chaoji CMS version 2.18,...
Elementor Website Builder < 3.12.2 - Admin+ SQLi
The plugin does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role. 1. Go to Elementor Tools Replace URL 2. Fill the first field with http://localhost:8000/ ...
PT-2023-16985 · Sourcecodester · Sourcecodester Automatic Question Paper Generator System
Name of the Vulnerable Software and Affected Versions: SourceCodester Automatic Question Paper Generator System version 1.0 Description: A critical issue has been found in the GET Parameter Handler component of the file admin/courses/view course.php. The manipulation of the id argument leads to s...
CVE-2023-27052
E-Commerce System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/deleteuser.php...
8x8 Bounty: admin.8x8.vc: Member users with no permission can integrate email to connect calendar via GET /meet-external/spot-roomkeeper/v1/calendar/auth/init?..
An improper access control vulnerability was discovered on the admin section of 8x8's video conferencing platform. Member users with no permission were able to exploit this vulnerability to integrate their email and connect their calendar to the platform. This allowed them to access areas they we...
Cross-site Scripting (XSS)
Overview: s-cart/core is a free Laravel e-commerce for business. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Admin section. It has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie. Details...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Admin section. It has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie. Details: Cross-site scripting or XSS is a code vulnerability that...
Cross-site Scripting (XSS) - Stored in friends-of-forkcms/fork-cms-module-commerce
Description: In the admin section, under Commerce - Shop settings - Stock statuses - Edit stock statuses, one can add XSS payloads. After the payloads are added, the JavaScript code runs whenever a user visits Commerce - Shop settings - Stock statuses. Proof of Concept: Go to Commerce - Shop setting...