21 matches found
CVE-2026-36948
Sourcecodester Online Thesis Archiving System v1.0 is vulnerale to SQL injection in the file /otas/viewarchive.php...
CVE-2021-47872
SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...
CVE-2021-47872 SEO Panel < 4.9.0 - 'order_col' Blind SQL Injection
SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...
PT-2026-3824
SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order col' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...
EUVD-2025-4356
Malicious code in bioql PyPI...
CVE-2025-27280
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alobaidi Archive Page archive-page allows DOM-Based XSS.This issue affects Archive Page: from n/a through = 1.0.2...
CVE-2025-27280
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alobaidi Archive Page archive-page allows DOM-Based XSS.This issue affects Archive Page: from n/a through = 1.0.2...
WordPress Archive Page plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by muhammad yudha in WordPress Plugin Archive Page versions = 1.0.2...
CVE-2025-27280
CVE-2025-27280 : WordPress Archive Page plugin (versions n/a–1.0.1) suffers a DOM-Based XSS due to improper input neutralization during page generation. Exploitation is reported as an authenticated (Contributor+) Stored XSS. Remediation: upgrade to a fixed release (1.0.2 or later) once available.
CVE-2025-27280 WordPress Archive Page plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alobaidi Archive Page archive-page allows DOM-Based XSS.This issue affects Archive Page: from n/a through = 1.0.2...
CVE-2025-27280 WordPress Archive Page plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Alobaidi Archive Page archive-page allows DOM-Based XSS.This issue affects Archive Page: from n/a through = 1.0.2...
PT-2025-7725 · Unknown · Alobaidi Archive Page
Name of the Vulnerable Software and Affected Versions: Alobaidi Archive Page versions n/a through 1.0.1 Description: The issue is related to improper neutralization of input during web page generation, which leads to a Cross-site Scripting XSS vulnerability, specifically DOM-Based XSS...
CVE-2024-3815
The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2024-3815
The Newspaper theme for WordPress is vulnerable to Stored Cross-Site Scripting via attachment meta in the archive page in all versions up to, and including, 12.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
PT-2024-27893 · WordPress · Newspaper Theme For Wordpress
Name of the Vulnerable Software and Affected Versions: Newspaper theme for WordPress versions up to, and including, 12.6.5 Description: The issue is related to Stored Cross-Site Scripting via attachment meta in the archive page due to insufficient input sanitization and output escaping on user...
Don't Click That ZIP File! Phishers Weaponizing .ZIP Domains to Trick Victims
A new phishing technique called "file archiver in the browser" can be leveraged to "emulate" a file archiver software in a web browser when a victim visits a .ZIP domain. "With this phishing attack, you simulate a file archiver software e.g., WinRAR in the browser and use a .zip domain to make it...
The vulnerability of the entry page for the personal archive in Cgi/private.py of the GNU Mailman mailing system allows a intruder to inject arbitrary content.
The vulnerability of the entry page for the personal archive in Cgi/private.py of the GNU Mailman system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary content using a specially created request...
CVE-2020-15011
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page...
CVE-2020-15011
Removed by vendor...
tagesschau.de XSS vulnerability
Vulnerable URL: http://www.tagesschau.de/mehr/archiv/hintergruende-archiv100.html?correspondent=number=2=1'"alert'XSSPOSED'...