
1593 matches found

Cvelist
added 2024/10/22 12:0 a.m. · 17 views

CVE-2024-46240

Collabtive 3.1 is vulnerable to cross-site scripting (XSS) via the name parameter under action=system and the company/contact parameters under action=addcust within the admin.php file...

0.00176 EPSS
Exploits: 1 · References: 1

CVE
added 2024/09/22 8:31 a.m. · 61 views

CVE-2024-9083

SourceCodester Employee Management System 1.0 is affected. The vulnerability lies in /Admin/add-admin.php where improper handling of the txtfullname parameter enables cross-site scripting. It can be triggered remotely and the exploit has been disclosed publicly. There are no patch/version details...

5.1 CVSS · 3.8 AI score · 0.00079 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

Vulnrichment
added 2024/09/22 8:31 a.m. · 12 views

CVE-2024-9083 SourceCodester Employee Management System add-admin.php cross site scripting

A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file /Admin/add-admin.php. The manipulation of the argument txtfullname leads to cross site scripting. It is possible to initiate the attack remotely. The...

5.1 CVSS · 3.5 AI score · 0.00079 EPSS
Exploits: 1 · References: 5

Cvelist
added 2024/09/07 9:0 a.m. · 21 views

CVE-2024-8523 lmxcms SQL Command Execution Module admin.php formatData code injection

A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may ...

5.8 CVSS · 0.00919 EPSS
Exploits: 1 · References: 4

Vulnrichment
added 2024/09/07 9:0 a.m. · 13 views

CVE-2024-8523 lmxcms SQL Command Execution Module admin.php formatData code injection

A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may ...

5.8 CVSS · 8 AI score · 0.00919 EPSS
Exploits: 1 · References: 4

OSV
added 2024/08/05 6:31 p.m. · 7 views

GHSA-H4XF-WX99-JMV4 Microweber Cross Site Scripting (XSS) vulnerability

Microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php...

6.1 CVSS · 6 AI score · 0.0119 EPSS
Exploits: 1 · References: 3

Github Security Blog
added 2024/08/05 6:31 p.m. · 12 views

Microweber Cross Site Scripting (XSS) vulnerability

Microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php...

6.1 CVSS · 6.2 AI score · 0.0119 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

CVE
added 2024/08/05 12:0 a.m. · 38 views

CVE-2024-41381

CVE-2024-41381 affects microweber 2.0.16. The vulnerability is a Cross-Site Scripting (XSS) in the file userfiles/modules/settings/admin.php, arising from insufficient input filtering/escaping. Evidence across multiple sources (NVD/Red Hat/CNVD/Veracode/GHSA/OSV) describes an XSS risk targeting a...

6.1 CVSS · 6.5 AI score · 0.0119 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2024/08/05 12:0 a.m. · 15 views

CVE-2024-41381

Microweber 2.0.16 was discovered to contain a Cross Site Scripting (XSS) vulnerability via userfiles\modules\settings\admin.php...

0.0119 EPSS
Exploits: 1 · References: 1

CNVD
added 2024/07/05 12:0 a.m. · 9 views

SimpCMS Cross-Site Scripting Vulnerability

SimpCMS is an easy-to-use CMS based on PureEdit. A cross-site scripting vulnerability exists in SimpCMS version 0.1, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to execute arbitrary web script or HTML via a...

5.4 CVSS · 6.2 AI score · 0.01537 EPSS
Exploits: 3 · References: 1

NVD
added 2024/07/03 5:15 p.m. · 11 views

CVE-2024-39248

A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at /admin.php...

5.4 CVSS · 0.01537 EPSS
Exploits: 3 · References: 2

CVE
added 2024/07/03 12:0 a.m. · 62 views

CVE-2024-39248

SimpCMS v0.1 is affected by an XSS in the Title field at /admin.php. Root cause cited across sources is lack of proper filtering/escaping of user input, enabling arbitrary web script or HTML execution. Impacted functionality is the admin input for the Title, with the potential for full script exe...

5.4 CVSS · 5.8 AI score · 0.01537 EPSS
Exploits: 3 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/07/03 12:0 a.m. · 13 views

CVE-2024-39248

A cross-site scripting (XSS) vulnerability in SimpCMS v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at /admin.php...

5.6 AI score · 0.01537 EPSS
Exploits: 3 · References: 2

CVE
added 2024/06/21 1:0 a.m. · 44 views

CVE-2024-6215

The CVE-2024-6215 entry concerns SourceCodester Food Ordering Management System (up to 1.0). A vulnerability affects the view-ticket-admin.php file where manipulating the id parameter leads to SQL injection. The issue is described as remote-exploitable with a publicly disclosed exploit. Multiple ...

8.8 CVSS · 7.1 AI score · 0.00097 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

Cvelist
added 2024/06/21 1:0 a.m. · 20 views

CVE-2024-6215 SourceCodester Food Ordering Management System view-ticket-admin.php sql injection

A vulnerability was found in SourceCodester Food Ordering Management System up to 1.0. It has been rated as critical. This issue affects some unknown processing of the file view-ticket-admin.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The...

6.5 CVSS · 0.00097 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2024/06/20 12:0 a.m. · 1 view

PT-2024-37457 · Sourcecodester · Sourcecodester Food Ordering Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Food Ordering Management System version 1.0
Description: A critical issue affects the processing of the file view-ticket-admin.php, where the manipulation of the id argument leads to SQL injection. The attack can be initiated...

8.8 CVSS · 8.8 AI score · 0.00097 EPSS
Exploits: 1 · References: 8

wpexploit
added 2024/06/07 12:0 a.m. · 126 views

Widget4Call <= 1.0.7 - Reflected XSS

Description: The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. Make an admin open the URL:...

6 AI score · 0.00221 EPSS
Exploits: 2

CVE
added 2024/05/26 10:31 p.m. · 50 views

CVE-2024-5380

The CVE-2024-5380 entry describes a cross-site scripting (XSS) vulnerability in the Short URL system by jsy-1, affecting version 1.0.0. The flaw is located in an unknown function within admin.php where manipulating the url parameter enables remote exploitation. A fix exists in version 2.0.0, via ...

5.3 CVSS · 3.8 AI score · 0.00129 EPSS
Exploits: 0 · References: 5

Vulnrichment
added 2024/05/26 10:31 p.m. · 13 views

CVE-2024-5380 jsy-1 short-url admin.php cross site scripting

A vulnerability classified as problematic has been found in jsy-1 short-url 1.0.0. Affected is an unknown function of the file admin.php. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.0 is able to address...

5.3 CVSS · 6.3 AI score · 0.00129 EPSS
Exploits: 0 · References: 5

Cvelist
added 2024/05/26 10:31 p.m. · 15 views

CVE-2024-5380 jsy-1 short-url admin.php cross site scripting

A vulnerability classified as problematic has been found in jsy-1 short-url 1.0.0. Affected is an unknown function of the file admin.php. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.0 is able to address...

5.3 CVSS · 3.8 AI score · 0.00129 EPSS
Exploits: 0 · References: 5