
1045 matches found

Vulnrichment
added 2024/11/14 12:0 a.m. | 12 views

CVE-2024-50837

A Stored Cross-Site Scripting XSS vulnerability was found in /admin/adminuser.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters...

AI score: 5.9 | EPSS: 0.00194
Exploits: 1 | References: 1
Cvelist
added 2024/11/14 12:0 a.m. | 17 views

CVE-2024-50840

A Stored Cross-Site Scripting XSS vulnerability was found in /admin/class.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the class_name parameter...

EPSS: 0.01351
Exploits: 1 | References: 1
CVE
added 2024/11/14 12:0 a.m. | 43 views

CVE-2024-50836

CVE-2024-50836 describes a Stored Cross-Site Scripting (XSS) flaw in Kashipara E-learning Management System Project 1.0, occurring at /admin/teachers.php. The issue enables remote attackers to inject and execute arbitrary scripts via the firstname and lastname parameters. The vulnerability is cha...

CVSS: 5.4 | AI score: 6 | EPSS: 0.00127
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2024/11/14 12:0 a.m. | 12 views

CVE-2024-50837

A Stored Cross-Site Scripting XSS vulnerability was found in /admin/adminuser.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the firstname and username parameters...

EPSS: 0.00194
Exploits: 1 | References: 1
CVE
added 2024/11/14 12:0 a.m. | 42 views

CVE-2024-50842

CVE-2024-50842 describes a stored XSS in Kashipara E-learning Management System Project 1.0, affecting the /admin/school_year.php endpoint. The vulnerability allows remote attackers to inject and execute arbitrary scripts through the school_year parameter, implying a stored XSS due to improper i...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00634
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2024/11/14 12:0 a.m. | 10 views

CVE-2024-50842

A Stored Cross-Site Scripting XSS vulnerability was found in /admin/school_year.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the school_year parameter...

AI score: 5.9 | EPSS: 0.00634
Exploits: 1 | References: 1
CVE
added 2024/11/14 12:0 a.m. | 42 views

CVE-2024-50838

A Stored Cross-Site Scripting (XSS) vulnerability affects Kashipara E-learning Management System Project 1.0, located in /admin/department.php. The flaw allows remote attackers to inject and execute arbitrary scripts via the d and pi parameters. According to the connected documents, the issue is ...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00326
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2024/11/14 12:0 a.m. | 13 views

CVE-2024-50839

A Stored Cross-Site Scripting XSS vulnerability was found in /admin/addsubject.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the subjectcode and title parameters...

EPSS: 0.00533
Exploits: 1 | References: 1
Vulnrichment
added 2024/11/14 12:0 a.m. | 10 views

CVE-2024-50841

A Stored Cross-Site Scripting XSS vulnerability was found in /admin/calendar_of_events.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the date_start, date_end, and title parameters...

AI score: 5.9 | EPSS: 0.00485
Exploits: 1 | References: 1
CVE
added 2024/11/14 12:0 a.m. | 51 views

CVE-2024-50841

CVE-2024-50841 is a stored XSS vulnerability in Kashipara E-learning Management System Project 1.0. The issue resides in the /admin/calendar_of_events.php endpoint, where user-controlled input in the fields date_start, date_end, and title can be stored and later reflected, enabling remote script ...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00485
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2024/11/14 12:0 a.m. | 45 views

CVE-2024-50840

The CVE-2024-50840 entry describes a Stored XSS vulnerability in Kashipara E-learning Management System Project 1.0, exploitable via /admin/class.php with the class_name parameter. The root cause is unsanitized input allowing script execution in the victim’s browser. Per the connected data, the i...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.01351
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2024/11/13 2:15 a.m. | 7 views

CVE-2024-10850

The Razorpay Payment Button Elementor Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attacker...

CVSS: 6.1 | EPSS: 0.01641
Exploits: 0 | References: 3
CNVD
added 2024/11/07 12:0 a.m. | 2 views

Car Rental Portal /search.php file cross-site scripting vulnerability

Car Rental Portal is a rental car portal. Car Rental Portal suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the /search.php file parameter searchdata, which can be exploited by an attacker to execute arbitrary...

CVSS: 6.1 | AI score: 4.5 | EPSS: 0.00143
Exploits: 1 | References: 1
OSV
added 2024/10/25 6:15 p.m. | 0 views

CVE-2024-9585

The Image Map Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saveproject' function with an arbitrary shortcode in versions up to, and including, 6.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.00165
Exploits: 0 | References: 2
CVE
added 2024/10/24 4:32 a.m. | 43 views

CVE-2024-9374

The CVE-2024-9374 entry describes a Reflected Cross-Site Scripting flaw in the WordPress Terms descriptions plugin (versions ≤ 3.4.6) caused by insufficient escaping in add_query_arg. This can allow unauthenticated attackers to inject scripts in pages executed when a user interacts (e.g., clickin...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.02581
Exploits: 0 | References: 2
CVE
added 2024/10/24 12:0 a.m. | 39 views

CVE-2024-45262

GL-iNet devices affected (MT6000, MT3000, MT2500, AXT1800, AX1800) on version 4.6.2 have a vulnerability in the /rpc call where the params parameter allows arbitrary directory traversal, enabling script execution under arbitrary paths. Affected components: the /rpc endpoint’s params parameter. Im...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00132
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2024/10/21 9:15 p.m. | 8 views

CVE-2024-35314

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance MiVB SVI 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user...

CVSS: 9.8 | EPSS: 0.03836
Exploits: 0 | References: 2
NVD
added 2024/10/21 9:15 p.m. | 11 views

CVE-2024-30160

A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting XSS attack due to insufficient validation of user input. A successful exploit could allow ...

CVSS: 4.8 | EPSS: 0.00552
Exploits: 0 | References: 1
NVD
added 2024/10/21 9:15 p.m. | 14 views

CVE-2024-30159

A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting XSS attack due to insufficient validation of user input. A successful exploit could allow an attacker...

CVSS: 4.8 | EPSS: 0.00552
Exploits: 0 | References: 1
Cvelist
added 2024/10/21 12:0 a.m. | 12 views

CVE-2024-35314

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance MiVB SVI 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user...

EPSS: 0.03836
Exploits: 0 | References: 2