
1734 matches found

NVD
added 2025/11/03 2:15 a.m. | 4 views

CVE-2025-12610

A vulnerability was determined in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/view-progress-report.php. Executing a manipulation of the argument ID can lead to SQL injection. The attack may be launched remotely. The exploit has been publicly disclosed and...

CVSS 7.2 | EPSS 0.00043
Exploits: 1 | References: 6

Positive Technologies
added 2025/11/03 12:0 a.m. | 4 views

PT-2025-44782

Name of the Vulnerable Software and Affected Versions: ultimatefosters UltimatePOS version 4.8. Description: A cross-site scripting (XSS) flaw exists in the administrative interface of the software. Input provided in the purchase functionality is reflected without proper sanitization in the admin log...

CVSS 8.7 | AI score 5.4 | EPSS 0.00043
Exploits: 3 | References: 7

CNNVD
added 2025/11/02 12:0 a.m. | 3 views

Code-Projects Simple Online Hotel Reservation System SQL Injection Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file...

CVSS 7.2 | AI score 5.7 | EPSS 0.00009
Exploits: 1 | References: 6

RedhatCVE
added 2025/10/31 10:7 p.m. | 3 views

CVE-2023-7312

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability when adding or configuring Email Settings. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affecte...

CVSS 6.2 | AI score 5.7 | EPSS 0.00454
Exploits: 0 | References: 1

EUVD
added 2025/10/31 12:30 a.m. | 2 views

EUVD-2020-30804

Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the Manage Users page of the Admin interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVSS 5.1 | AI score 5.7 | EPSS 0.00478
Exploits: 0 | References: 3

OSV
added 2025/10/30 10:15 p.m. | 1 view

CVE-2020-36866

Nagios XI versions prior to 5.7.3 are vulnerable to cross-site scripting (XSS) via the Manage Users page of the Admin interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVSS 5.4 | AI score 5.9 | EPSS 0.00478
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/30 9:53 p.m. | 2 views

CVE-2020-36866 Nagios XI < 5.7.3 XSS via Manage Users in Admin Interface

Nagios XI versions prior to 5.7.3 are vulnerable to cross-site scripting (XSS) via the Manage Users page of the Admin interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVSS 5.1 | AI score 5.8 | EPSS 0.00478
Exploits: 0 | References: 2

Cvelist
added 2025/10/30 9:53 p.m. | 4 views

CVE-2020-36866 Nagios XI < 5.7.3 XSS via Manage Users in Admin Interface

Nagios XI versions prior to 5.7.3 are vulnerable to cross-site scripting (XSS) via the Manage Users page of the Admin interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVSS 5.1 | EPSS 0.00478
Exploits: 0 | References: 2

CVE
added 2025/10/30 9:53 p.m. | 14 views

CVE-2020-36866

Nagios XI pre-5.7.3 is affected by a cross-site scripting (XSS) vulnerability on the Manage Users page in the Admin interface due to insufficient input validation/escaping. Impact: attacker can inject and execute script in a victim’s browser. Remediation: upgrade to 5.7.3 or later (sources refer ...

CVSS 5.4 | AI score 5.8 | EPSS 0.00478
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2025/10/30 9:19 p.m. | 5 views

CVE-2023-7312

Nagios Fusion is affected by a stored XSS in Email Settings for versions prior to 4.2.0. The vulnerability arises from insufficient input sanitization, allowing unsanitized input to be stored and later rendered in the administrative UI, enabling JavaScript execution in the browsers of users viewi...

CVSS 6.2 | AI score 5.3 | EPSS 0.00454
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2025/10/30 9:19 p.m. | 5 views

CVE-2023-7312 Nagios Fusion < 4.2.0 Email Settings Stored XSS via SMTP/sendmail

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability when adding or configuring Email Settings. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affecte...

CVSS 6.2 | EPSS 0.00454
Exploits: 0 | References: 3

EUVD
added 2025/10/30 6:31 p.m. | 3 views

EUVD-2025-37023

Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance versions 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection download REST API if this REST API is enabled by Admin user from UI. A low privileged attacker with remote...

CVSS 4.3 | AI score 6.2 | EPSS 0.00064
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/30 12:0 a.m. | 2 views

PT-2025-44549

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.7.2. Description: Nagios XI versions prior to 5.7.2 are susceptible to cross-site scripting (XSS) through the Manage Users page within the Admin interface. This is due to inadequate validation or escaping of...

CVSS 5.4 | AI score 6 | EPSS 0.00478
Exploits: 0 | References: 4

CVE
added 2025/10/29 12:0 a.m. | 7 views

CVE-2024-45161

CVE-2024-45161 describes a CSRF vulnerability in the administrative web GUI of Blu-Castle BCUM221E running version 1.0.0P220507. The issue can be triggered via a crafted URL, image load, or XMLHttpRequest, potentially leading to exposure of data or unintended code execution. The CVE notes a netwo...

CVSS 4.6 | AI score 7.2 | EPSS 0.00023
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/28 6:52 p.m. | 3 views

CVE-2025-32785

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to cross-site scripting (XSS) via the Address field in the Subscribed Lists group management section...

CVSS 5.4 | AI score 5.8 | EPSS 0.00027
Exploits: 1 | References: 1

RedhatCVE
added 2025/10/28 8:55 a.m. | 7 views

CVE-2025-12251

A vulnerability has been found in OpenWGA 7.11.12 Build 737. This impacts an unknown function of the component Admin UI. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted ear...

CVSS 5.1 | AI score 3.5 | EPSS 0.00028
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/28 7:59 a.m. | 4 views

CVE-2025-12246

A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed...

CVSS 6.1 | AI score 4 | EPSS 0.00038
Exploits: 1 | References: 1

EUVD
added 2025/10/28 12:31 a.m. | 3 views

EUVD-2025-36369

A flaw has been found in SourceCodester Student Grades Management System 1.0. This affects the function deleteuser of the file /admin.php. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used...

CVSS 4.8 | AI score 4.9 | EPSS 0.0005
Exploits: 1 | References: 7

Cvelist
added 2025/10/27 7:42 p.m. | 8 views

CVE-2025-59151 Pi-hole Admin Interface vulnerable to HTTP response header injection via CRLF injection

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed (CRLF) injection. When a request is made to a file ending with the .lp extension, t...

CVSS 8.2 | EPSS 0.00108
Exploits: 1 | References: 1

NVD
added 2025/10/27 7:16 p.m. | 3 views

CVE-2025-53533

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to reflected cross-site scripting (XSS) via a malformed URL path. The 404 error page includes t...

CVSS 6.1 | EPSS 0.00378
Exploits: 2 | References: 1