246 matches found
CVE-2023-53931
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...
CVE-2023-53931
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...
CVE-2023-53918
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface episodesupload.php. Malicious JavaScript payloads injected into episode titles execute when administrators view the episodes list page...
CVE-2023-53931 Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...
CVE-2023-53918 PodcastGenerator Stored Cross-Site Scripting via Episode Title Field
PodcastGenerator 3.2.9 contains a stored cross-site scripting vulnerability in the episode title field accessible through the episodes upload interface episodesupload.php. Malicious JavaScript payloads injected into episode titles execute when administrators view the episodes list page...
PT-2025-51965
Name of the Vulnerable Software and Affected Versions PHPJabbers Simple CMS version 5.0 Description The software contains a stored cross-site scripting issue. Authenticated attackers can inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScri...
PT-2025-51969
Name of the Vulnerable Software and Affected Versions Revive Adserver version 5.4.1 Description Revive Adserver 5.4.1 has a cross-site scripting issue in the banner advanced configuration page. This allows attackers to inject malicious scripts. An attacker can create a malicious link to the...
EUVD-2025-203301
A vulnerability was identified in Campcodes Supplier Management System 1.0. This issue affects some unknown processing of the file /admin/viewunit.php. The manipulation of the argument chkId leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available a...
CVE-2025-14664
A vulnerability was identified in Campcodes Supplier Management System 1.0. This issue affects some unknown processing of the file /admin/viewunit.php. The manipulation of the argument chkId leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available a...
CampCodes Supplier Management System SQL注入漏洞
CampCodes Supplier Management System is a supplier management system from CampCodes, Inc. A SQL injection vulnerability exists in CampCodes Supplier Management System version 1.0, which stems from an incorrect manipulation of the parameter chkId in the file /admin/viewunit.php, which could lead t...
PT-2025-51166
A vulnerability was identified in Campcodes Supplier Management System 1.0. This issue affects some unknown processing of the file /admin/view unit.php. The manipulation of the argument chkId leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available...
CVE-2024-58297
CVE-2024-58297 affects PyroCMS v3.0.1 with a stored XSS in the admin redirects configuration. An attacker can inject a payload into the Redirect From field, causing arbitrary JavaScript to execute when administrators view the redirects page. Public sources consistently describe this as a stored X...
CVE-2024-58296 CE Phoenix v3.0.1 Stored Cross-Site Scripting via admin/currencies.php
CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the title field to execute arbitrary JavaScript when administrators view the currencies page...
CVE-2025-65267
In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar images allows attackers to embed malicious JavaScript. The payload executes when an administrator clicks the image link to view the avatar, resulting in stored cross-site scripting XSS. Successful...
CVE-2025-13172
A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/view-member-report.php. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been released to the...
CVE-2025-13172
CVE-2025-13172 affects CodeAstro Gym Management System 1.0. A SQL injection vulnerability exists in an unknown function of /admin/view-member-report.php triggered by manipulating the ID parameter. Exploitation is possible remotely, and public exploits have been released. NVD reports a high-severi...
CVE-2025-12610
A vulnerability was determined in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/view-progress-report.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and...
CodeAstro Gym Management System SQL注入漏洞
CodeAstro Gym Management System is a gym management system from CodeAstro. A SQL injection vulnerability exists in CodeAstro Gym Management System version 1.0, which stems from incorrect manipulation of the parameter ID in the file /admin/view-progress-report.php, which could lead to a SQL...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to Cross-site Scripting XSS. The vulnerability is due to the application not verifying the content type of uploaded attachments or user avatars and serving the data back as is, which allows an authenticated attacker to inject malicious scripts that execute...
CVE-2025-60316
SourceCodester Pet Grooming Management Software 1.0 is vulnerable to SQL Injection in admin/viewcustomer.php via the ID parameter...