17 matches found

NVD
added 2026/04/20 12:16 p.m. | 1 view

CVE-2026-6633

A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifangbackendaccount/logic/admin/L_rbac_admin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting. The...

CVSS 5.1 | EPSS 0.00253
Exploits: 0 | References: 4

Cvelist
added 2026/04/20 11:15 a.m. | 33 views

CVE-2026-6633 Yifang CMS Extended Management L_rbac_admin.php store cross site scripting

A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifangbackendaccount/logic/admin/L_rbac_admin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting. The...

CVSS 5.1 | EPSS 0.00253
Exploits: 0 | References: 4

OSV
added 2025/06/16 5:15 p.m. | 2 views

CVE-2025-6131

A vulnerability, which was classified as problematic, was found in CodeAstro Food Ordering System 1.0. Affected is an unknown function of the file /admin/store/edit/ of the component POST Request Parameter Handler. The manipulation of the argument Restaurant Name/Address leads to cross site...

CVSS 4.8 | AI score 3.8 | EPSS 0.0028
Exploits: 1 | References: 5

CNNVD
added 2025/06/16 12:00 a.m. | 2 views

CodeAstro Food Ordering System Code Injection Vulnerability

CodeAstro Food Ordering System is a food ordering system from CodeAstro. A code injection vulnerability exists in CodeAstro Food Ordering System version 1.0, which stems from cross-site scripting due to incorrect manipulation of the Restaurant Name/Address parameter in the file /admin/store/edit/...

CVSS 4.8 | AI score 4.2 | EPSS 0.0028
Exploits: 1 | References: 6

Positive Technologies
added 2024/12/20 12:00 a.m. | 3 views

PT-2024-17763 · Emlog Pro · Emlog Pro

Name of the Vulnerable Software and Affected Versions: Emlog Pro versions up to 2.4.1 Description: A problematic vulnerability has been found in Emlog Pro, affecting an unknown function of the file /admin/store.php. The manipulation of the argument tag leads to cross site scripting. It is possibl...

CVSS 6.9 | AI score 4.6 | EPSS 0.00391
Exploits: 1 | References: 10

CNNVD
added 2024/12/20 12:00 a.m. | 3 views

emlog Code Injection Vulnerability

emlog is a PHP and MySQL based CMS site-building system from the individual developer emlog. A code injection vulnerability exists in emlog 2.4.1 and previous versions; the vulnerability stems from the manipulation of the tag parameter in the /admin/store.php file leading to cross-site scripting attacks...

CVSS 6.9 | AI score 4.6 | EPSS 0.00391
Exploits: 1 | References: 4

Positive Technologies
added 2024/09/30 12:00 a.m. | 2 views

PT-2024-32027 · Emlog Pro · Emlog Pro

Name of the Vulnerable Software and Affected Versions: Emlog Pro versions prior to 2.3.15 Description: A remote code execution issue in the /admin/store.php component of Emlog Pro allows attackers to use remote file downloads and self-extract functions to upload webshells to the target server,...

CVSS 6.3 | AI score 7.8 | EPSS 0.00733
Exploits: 1 | References: 9

ATTACKERKB
added 2023/12/13 11:15 p.m. | 3 views

CVE-2023-41621

A Cross Site Scripting XSS vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php...

CVSS 6.1 | AI score 5.8 | EPSS 0.01146
Exploits: 1 | References: 3

Vulnrichment
added 2023/12/13 12:00 a.m. | 13 views

CVE-2023-41621

A Cross Site Scripting XSS vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php...

AI score 5.8 | EPSS 0.01146
Exploits: 1 | References: 1

CNNVD
added 2023/12/13 12:00 a.m. | 1 view

Emlog Security Vulnerability

emlog is a PHP and MySQL based CMS site-building system from the individual developer emlog. A security vulnerability exists in Emlog Pro version v2.1.14, which originates from a cross-site scripting (XSS) vulnerability in the component /admin/store.php...

CVSS 6.1 | AI score 5.9 | EPSS 0.01146
Exploits: 1 | References: 2

Positive Technologies
added 2023/12/13 12:00 a.m. | 2 views

PT-2023-28004 · Emlog Pro · Emlog Pro

Name of the Vulnerable Software and Affected Versions: Emlog Pro version 2.1.14 Description: A Cross Site Scripting XSS issue was found in the /admin/store.php component. Recommendations: For Emlog Pro version 2.1.14, consider disabling access to the /admin/store.php component until a patch is...

CVSS 6.1 | AI score 6 | EPSS 0.01146
Exploits: 1 | References: 5

wpexploit
added 2023/11/21 12:00 a.m. | 152 views

Autocomplete Location field Contact Form 7 < 3.0 - Admin+ Store Cross-Site Scripting

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Go to "Contact Google Place API" 2...

CVSS 4.8 | AI score 7.9 | EPSS 0.00442
Exploits: 2

CNNVD
added 2023/03/23 12:00 a.m. | 4 views

Zhongbang CRMEB Cross-Site Scripting Vulnerability

Zhongbang CRMEB is an open source e-commerce management system from Zhongbang Networks Zhongbang in Xi'an, China. A security vulnerability exists in CRMEB Java version 1.3.4, which originates from a security issue in the function save in the file /api/admin/store/product/save, resulting in...

CVSS 5.4 | AI score 4.3 | EPSS 0.00517
Exploits: 1 | References: 4

Positive Technologies
added 2023/03/23 12:00 a.m. | 3 views

PT-2023-17115 · Zhong Bang · Crmeb

Name of the Vulnerable Software and Affected Versions: Zhong Bang CRMEB Java versions up to 1.3.4 Description: An issue was found in the function save of the file "/api/admin/store/product/save" API endpoint, which leads to cross site scripting. The attack may be initiated remotely. Recommendation...

CVSS 5.4 | AI score 4.1 | EPSS 0.00517
Exploits: 1 | References: 5

CNNVD
added 2022/11/03 12:00 a.m. | 1 view

Emlog Cross-Site Scripting Vulnerability

Emlog is a PHP and MySQL based CMS builder by the individual developers of Emlog. A security vulnerability exists in Emlog Pro v1.7.1, which originates from a reflected cross-site scripting XSS vulnerability in /admin/store.php...

CVSS 4.8 | AI score 4.9 | EPSS 0.00392
Exploits: 1 | References: 2

OSV
added 2022/06/17 2:15 p.m. | 3 views

CVE-2022-31356

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=edit&id=...

CVSS 9.8 | AI score 7.3
Exploits: 0 | References: 1

ATTACKERKB
added 2022/06/17 2:15 p.m. | 3 views

CVE-2022-31356

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=edit&id=...

CVSS 9.8 | AI score 7.4 | EPSS 0.01002
Exploits: 1 | References: 2