
14 matches found

NVD
added 2026/02/01 1:15 p.m. | 2 views

CVE-2021-47913

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...

CVSS 6.4 | EPSS 0.00057
Exploits: 1 | References: 4
Positive Technologies
added 2026/02/01 12:00 a.m. | 4 views

PT-2026-5562

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

CVSS 6.4 | AI score 5.9 | EPSS 0.00021
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-14300

Malware in sbrugna...

CVSS 9.6 | AI score 9.5 | EPSS 0.00202
Exploits: 0 | References: 4
Cvelist
added 2025/05/30 3:54 p.m. | 10 views

CVE-2024-42191 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to COM hijacking

HCL Traveler for Microsoft Outlook HTMO is susceptible to a COM hijacking vulnerability which could allow an attacker to modify or replace the application with malicious content...

CVSS 6.5 | EPSS 0.00193
Exploits: 0 | References: 1
ATTACKERKB
added 2023/05/25 9:15 a.m. | 0 views

CVE-2023-2886

Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...

CVSS 4.3 | AI score 5.8 | EPSS 0.00233
Exploits: 0 | References: 3
OSV
added 2023/03/29 6:31 p.m. | 38 views

GHSA-7J98-H7FP-4VWJ smarty Cross-site Scripting vulnerability in Javascript escaping

Impact An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the...

CVSS 7.1 | AI score 7 | EPSS 0.01189
Exploits: 0 | References: 9
Friends Of PHP
added 2023/03/28 7:41 p.m. | 22 views

Cross site scripting vulnerability in Javascript escaping

Impact An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application's behavior, or unauthorized actions performed on behalf of the...

CVSS 7.1 | AI score 7 | EPSS 0.01189
Exploits: 0 | Affected Software: 1
Vulnerability Lab
added 2022/10/10 12:00 a.m. | 275 views

Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities

Document Title: =============== Vicidial v2.14-783a - Multiple XSS Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2311 Release Date: ============= 2022-10-10 Vulnerability Laboratory ID VL-ID: ==================================== 23...

AI score 7.4
Exploits: 0
Prion
added 2017/12/12 2:29 p.m. | 13 views

Server side request forgery (ssrf)

Server Side Request Forgery SSRF vulnerability in SAP NetWeaver Knowledge Management Configuration Service, EPBC and EPBC2 from 7.00 to 7.02; KMC-BC 7.30, 7.31, 7.40 and 7.50, that allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application...

CVSS 6.5 | AI score 4.8 | EPSS 0.00409
Exploits: 0 | References: 3 | Affected Software: 3
0day.today
added 2014/03/01 12:00 a.m. | 59 views

Oracle Demantra 12.2.1 - SQL Injection Vulnerability

Exploit for windows platform in category web applications Details: Application is vulnerable to SQL injection. Impact: An attacker with access to the vulnerable pages could manipulate the queries being sent to the database, potentially enabling them to: - Extract sensitive information, including...

CVSS 5.5 | AI score 6.5 | EPSS 0.20481
Exploits: 2
The Hacker News
added 2013/03/10 6:29 a.m. | 16 views

Apple App Store was vulnerable for more than Half year

A Google developer helps Apple to fix a security flaw in its application store that for years has allowed attackers to steal passwords and install unwanted or extremely expensive applications. Security loophole allowed attacker to hijack the connection, because Apple neglected to use encryption...

AI score 6.6
Exploits: 0
exploitpack
added 2012/07/16 12:00 a.m. | 10 views

PBBoard CMS 2.1.4 - Multiple Vulnerabilities

PBBoard CMS 2.1.4 - Multiple Vulnerabilities Title: ====== PBBoard v2.1.4 CMS - Multiple Web Vulnerabilities Date: ===== 2012-06-26 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=623 VL-ID: ===== 625 Common Vulnerability Scoring System:...

AI score 0.2
Exploits: 0
OpenVAS
added 2012/01/23 12:00 a.m. | 11 views

Joomla XBall Component SQL Injection Vulnerability

This host is running Joomla XBall component and is prone to SQL injection vulnerability. OpenVAS Vulnerability Test $Id: gbjoomlacomxballsqlinjvuln.nasl 5950 2017-04-13 09:02:06Z teissa $ Joomla XBall Component SQL Injection Vulnerability Authors: Madhuri D Copyright: Copyright c 2012 Greenbone...

AI score 0.1
Exploits: 0 | References: 1
OpenVAS
added 2012/01/23 12:00 a.m. | 7 views

Joomla Car Component Multiple SQL Injection Vulnerabilities

This host is running Joomla car component and is prone to multiple SQL injection vulnerability. OpenVAS Vulnerability Test $Id: gbjoomlacomcarmultsqlinjvuln.nasl 5888 2017-04-07 09:01:53Z teissa $ Joomla Car Component Multiple SQL Injection Vulnerabilities Authors: Madhuri D Copyright: Copyright ...

AI score 0.4
Exploits: 0 | References: 1