CVE-2025-59746

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'm' parameter in '/lib/asp/alert.asp'...

Sql injection

SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action...

Osclass 'alert' Parameter SQL Injection Vulnerability

OSClass is a PHP MySQL based development , used to create and manage classified ads website open source system . The Osclass 'alert' parameter suffers from a SQL injection vulnerability because it fails to adequately filter user-supplied data before using it in a SQL query. Allows an attacker to...

Wordpress Newsletter 3.2.6 Cross Site Scripting

Wordpress Newsletter Plugin 3.2.6 alert Reflected XSS Vulnerability Vendor: Stefano Lissa Product web page: http://wordpress.org/extend/plugins/newsletter/ Affected version: 3.2.6 and bellow Summary: Newsletter is the perfect WordPress plugin for creating real newsletters and mail marketing syste...

CVE-2006-5074

Cross-site scripting XSS vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the alert parameter...