87066 matches found
CVE-2026-5836
A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /admin/adminproduct.php. The manipulation of the argument productname leads to cross site scripting. The attack can be initiated remotely. The exploit has been...
CVE-2026-5836 code-projects Online Shoe Store admin_product.php cross site scripting
A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /admin/adminproduct.php. The manipulation of the argument productname leads to cross site scripting. The attack can be initiated remotely. The exploit has been...
CVE-2026-5836
Affected software and entry point: code-projects Online Shoe Store 1.0, vulnerable via /admin/admin_product.php with manipulation of the product_name parameter. Vulnerability type: cross site scripting (XSS). Impact/conditions: remote initiation; affects user input handling in the admin context; ...
CVE-2026-5836 code-projects Online Shoe Store admin_product.php cross site scripting
A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /admin/adminproduct.php. The manipulation of the argument productname leads to cross site scripting. The attack can be initiated remotely. The exploit has been...
CVE-2026-5835 code-projects Online Shoe Store admin_football.php cross site scripting
A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/adminfootball.php. Executing a manipulation of the argument productname can lead to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2026-5835 code-projects Online Shoe Store admin_football.php cross site scripting
A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/adminfootball.php. Executing a manipulation of the argument productname can lead to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2026-5835
CVE-2026-5835 affects code-projects Online Shoe Store 1.0. The vulnerability lies in the admin_football.php script, where manipulating the argument product_name can trigger cross-site scripting (XSS). Affected functionality is unspecified beyond /admin/admin_football.php. It can be exploited remo...
CVE-2026-5835
A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/adminfootball.php. Executing a manipulation of the argument productname can lead to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2026-5834
A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/adminrunning.php. Performing a manipulation of the argument productname results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now publi...
CVE-2026-5834 code-projects Online Shoe Store admin_running.php cross site scripting
A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/adminrunning.php. Performing a manipulation of the argument productname results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now publi...
CVE-2026-5834
CVE-2026-5834 affects code-projects Online Shoe Store 1.0. The vulnerability resides in an unknown function inside /admin/admin_running.php, where manipulating the argument product_name enables cross-site scripting. The issue can be exploited remotely, and public exploit code is indicated in the ...
CVE-2026-3568
The MStore API plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.18.3. This is due to the updateuserprofile function in controllers/flutter-user.php processing the 'metadata' JSON parameter without any allowlist, blocklist, or validatio...
CVE-2026-3574
CVE-2026-3574 concerns the Experto Dashboard for WooCommerce WordPress plugin (
phpBB 安全漏洞
phpBB is a set of web forum software developed by Ariefibis. Version 3.3.15 of phpBB has a security vulnerability; this vulnerability stems from the cross-site request forgery functionality in the administration control panel icons, which may allow for the execution of arbitrary code...
PT-2026-31704
OpenPLC V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator acces...
PHPGurukul News Portal Project SQL注入漏洞
PHPGurukul News Portal Project is a news portal project of PHPGurukul Corporation. Version 4.1 of the PHPGurukul News Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter Username in the file admin/checkavailability.php, which may le...
CVE-2025-70365
A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...
PT-2026-31766
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.22 Description OpenClaw versions prior to 2026.3.22 do not properly enforce operator.admin scope on mutating internal ACP chat commands, which allows unauthorized modifications. Attackers without admin...
CVE-2025-70365
A stored cross-site scripting XSS vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected...
Code-Projects Online Shoe Store 代码注入漏洞
Code-Projects Online Shoe Store is an open-source online shoe store system developed by Code-Projects. Version 1.0 of Code-Projects Online Shoe Store contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter productname in the file...