136 matches found
CVE-2025-3554
Phpshe 1.8 is affected by CVE-2025-3554 due to improper handling of the act parameter in api.php?mod=cron&act=buyer, which enables cross-site scripting. The vulnerability is exploitable remotely. The PT-2025-16207 advisory confirms the issue and suggests remediation: restrict access to the api.ph...
CVE-2025-3554 phpshe api.php cross site scripting
A vulnerability was found in phpshe 1.8. It has been rated as problematic. This issue affects some unknown processing of the file api.php?mod=cron&act=buyer. The manipulation of the argument act leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to...
CVE-2025-2952 Bluestar Micro Mall api.php unrestricted upload
A vulnerability classified as critical was found in Bluestar Micro Mall 1.0. Affected by this vulnerability is an unknown functionality of the file /api/api.php?mod=upload&type=1. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The exploit...
CVE-2025-1835 osuuu LightPicture Api.php upload unrestricted upload
A vulnerability has been found in osuuu LightPicture 1.2.2 and classified as critical. This vulnerability affects the function upload of the file /app/controller/Api.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been...
CVE-2025-1835
CVE-2025-1835 affects osuuu LightPicture 1.2.2. The vulnerability is in the upload function of /app/controller/Api.php, where manipulation of the file argument allows unrestricted remote file upload. Multiple sources (including Red Hat, NVD, CVE listings, CIRCL) document this issue and describe i...
CVE-2025-1186
A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initiated remotely. The exploit has been...
CVE-2025-1186 dayrui XunRuiCMS Api.php deserialization
A vulnerability was found in dayrui XunRuiCMS up to 4.6.4. It has been declared as critical. This vulnerability affects unknown code of the file /Control/Api/Api.php. The manipulation of the argument thumb leads to deserialization. The attack can be initiated remotely. The exploit has been...
CVE-2024-41371
Organizr v1.90 is vulnerable to Cross Site Scripting (XSS) via api.php...
CVE-2024-41371
CVE-2024-41371 affects Organizr v1.90 and is described as a Cross-Site Scripting (XSS) vulnerability exploitable via the api.php endpoint. The available sources concur on the vulnerable version and vector, but do not provide a confirmed patch version within the connected documents. Some reference...
Organizr security vulnerability
Organizr is a tab management system from the individual developer causefx. It is intended to be a one-stop shop for server front-ends. A security vulnerability exists in Organizr v1.90, which stems from a cross-site scripting (XSS) vulnerability via api.php...
CVE-2020-36825 cyberaz0r WebRAT api.php download_file unrestricted upload
[UNSUPPORTED WHEN ASSIGNED] [DISPUTED] A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function download_file of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be...
CVE-2024-1923 SourceCodester Simple Student Attendance System List of Classes Page ajax-api.php delete_student sql injection
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function delete_class/delete_student of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input...
CVE-2024-24131
SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component api.php...
CVE-2024-24131
CVE-2024-24131 affects SuperWebMailer, specifically version 9.31.0.01799, with a reflected cross-site scripting (XSS) vulnerability in the api.php component. The vulnerability allows unauthenticated attackers to execute arbitrary JavaScript in a victim’s browser, potentially enabling cookie or se...