CVE-2026-7226
SourceCodester Pizzafy Ecommerce System 1.0 contains a SQL injection in the /admin/ajax.php?action=login2 function (parameter e-mail). Remote exploitation is possible and the exploit has been publicly disclosed. This CVE entry documents a critical vulnerability scenario affecting login handling; ...
MajorDoMo Code Injection Vulnerability
MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. There is a code injection vulnerability in MajorDoMo. This vulnerability stems from an error in the inclusion order of modules/panel.class.php, which causes the execution to continue after a...
EUVD-2025-199674
Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...
CVE-2025-34328
AudioCodes Fax Server and Auto-Attendant IVR appliances (≤ 2.6.23) expose an unauthenticated script-management endpoint in the web administration component (F2MAdmin) at AudioCodes_files/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplied data directly to a server-sid...
CVE-2025-13346
CVE-2025-13346 affects SourceCodester Train Station Ticketing System v1.0. The vulnerability is in /ajax.php?action=save_station where manipulating id/station enables SQL injection. Reported as exploitable remotely with a public exploit; CVSS data indicate high confidentiality/integrity/availabi...
EUVD-2017-1431
Malware in sbrugna...
CVE-2025-30149
OpenEMR is a free and open source electronic health records and medical practice management application. OpenEMR allows reflected cross-site scripting XSS in the AJAX Script interface\super\layoutlistitemsajax.php via the target parameter. This vulnerability is fixed in 7.0.3...
CVE-2025-30149
CVE-2025-30149 concerns OpenEMR, a free/open source EHR/PM app. It describes a reflected XSS in the AJAX Script interface, specifically in layout_listitems_ajax.php accessed via the target parameter. The vulnerability’s root cause is input reflected back to the user, enabling script injection. Ac...
CVE-2025-30149 OpenEMR Reflected XSS in AJAX Script
OpenEMR is a free and open source electronic health records and medical practice management application. OpenEMR allows reflected cross-site scripting XSS in the AJAX Script interface\super\layoutlistitemsajax.php via the target parameter. This vulnerability is fixed in 7.0.3...
PT-2025-13796 · Openemr · Openemr
Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 7.0.3 Description: The issue concerns reflected cross-site scripting XSS in the AJAX Script interface, specifically in the layout listitems ajax.php file via the target parameter. This allows for potential XSS attack...
SourceCodester School Fees Payment System Cross-Site Request Forgery Vulnerability
SourceCodester School Fees Payment System is a school fees payment system. A cross-site request forgery vulnerability exists in version 1.0 of the SourceCodester School Fees Payment System, which stems from the /ajax.php file containing a cross-site request forgery...
CVE-2024-36680
In the module "Facebook" pkfacebook =1.0.1 from Promokit.eu for PrestaShop, a guest can perform SQL injection. The ajax script facebookConnect.php has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection...
CVE-2024-36680
The CVE-2024-36680 issue affects the PrestaShop module pkfacebook (Facebook)
CVE-2021-46198
An SQL Injection vulnerability exists in SourceCodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app...
CVE-2019-14398
Summary (CVE-2019-14398) : cPanel prior to 80.0.5 contains an input validation/command-execution vulnerability in the ajax_maketext_syntax_util.pl component (SEC-498), enabling demo accounts to execute arbitrary code. The issue is exposed over network (no user interaction required) and has a high...
CVE-2017-1000146
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link o...
CVE-2017-1000146
CVE-2017-1000146 affects Mahara 1.9 before 1.9.7, 1.10 before 1.10.5, and 15.04 before 15.04.2. The underlying issue is an unescaped portfolio page title in the AJAX update of the Add/remove watchlist link on artefact detail pages, allowing arbitrary Javascript execution in the browser of a logge...