
54 matches found

Cvelist
added 2026/06/07 3:45 a.m. · 34 views

CVE-2026-11453 Tiobon Employee Self-Service System Login Endpoint BlogSearch.aspx sql injection

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...

6.5 CVSS · 0.00192 EPSS
Exploits 0 · References 5
Vulnrichment
added 2026/06/07 3:45 a.m. · 6 views

CVE-2026-11453 Tiobon Employee Self-Service System Login Endpoint BlogSearch.aspx sql injection

A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched...

6.5 CVSS · 6.3 AI score · 0.00192 EPSS
Exploits 0 · References 5
CNNVD
added 2026/06/07 12:0 a.m. · 3 views

Tiobon Employee Self-Service System SQL Injection Vulnerability

The Tiobon Employee Self-Service System is an enterprise employee self-service platform developed by Tiobon Corporation. Versions of the Tiobon Employee Self-Service System prior to 7.2 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter...

6.5 CVSS · 6.6 AI score · 0.00192 EPSS
Exploits 0 · References 6
RedhatCVE
added 2026/02/04 3:15 a.m. · 4 views

CVE-2025-71179

Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...

6.1 CVSS · 5.1 AI score · 0.02037 EPSS
Exploits 4 · References 1
ATTACKERKB
added 2026/02/03 12:0 a.m. · 3 views

CVE-2025-71179

Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...

6.1 CVSS · 5.3 AI score · 0.02037 EPSS
Exploits 4 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-3462

Malicious code in bioql PyPI...

5.3 CVSS · 5.6 AI score · 0.01046 EPSS
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-3997

Malicious code in bioql PyPI...

8.8 CVSS · 7.3 AI score · 0.01803 EPSS
Exploits 0 · References 6
Tenable Nessus
added 2025/09/02 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-14631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provide...

8.8 CVSS · 7 AI score · 0.01803 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2025/09/02 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-23922

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to...

6.1 CVSS · 5.6 AI score · 0.00854 EPSS
Exploits 0 · References 2
Hacker One
added 2024/08/25 5:6 a.m. · 8 views

Glassdoor: █████████eflected █████████████████ Vulnerability in Glassdoor Blog ███earch

A reflected cross-site scripting vulnerability was discovered in the Glassdoor blog search functionality. The vulnerability was remediated by strengthening input validation and output encoding...

5.8 AI score
Exploits 0
OSV
added 2024/03/06 11:1 a.m. · 20 views

BIT-MOODLE-2023-23922 Moodle: reflected xss risk in blog search

The vulnerability was found in Moodle which exists due to insufficient sanitization of user-supplied data in blog search. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw...

6.1 CVSS · 5.9 AI score · 0.00854 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2023/12/15 12:15 a.m. · 2 views

CVE-2023-48049

A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search aka websitesearchblog v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component...

9.8 CVSS · 6.3 AI score · 0.01005 EPSS
Exploits 1 · References 2
OSV
added 2023/12/15 12:15 a.m. · 3 views

CVE-2023-48049

A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search aka websitesearchblog v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component...

9.8 CVSS · 6.1 AI score
Exploits 0 · References 1
NVD
added 2023/12/15 12:15 a.m. · 6 views

CVE-2023-48049

A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search aka websitesearchblog v. 13.0 through 13.0.1.0.1 allows a remote attacker to execute arbitrary code and to gain privileges via the name parameter in controllers/main.py component...

9.8 CVSS · 0.01005 EPSS
Exploits 1 · References 1
CNNVD
added 2023/12/14 12:0 a.m. · 2 views

Cybrosys Techno Solutions Website Blog Search Security Breach

Cybrosys Techno Solutions Website Blog Search is a blog that provides a search option. A security vulnerability exists in Cybrosys Techno Solutions Website Blog Search versions 13.0 through 13.0.1.0.1, which stems from an SQL injection vulnerability that could allow a remote attacker to execute...

9.8 CVSS · 8.8 AI score · 0.01005 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/12/14 12:0 a.m. · 2 views

PT-2023-30678 · Cybrosys Techno Solutions · Cybrosys Techno Solutions Website Blog Search

Name of the Vulnerable Software and Affected Versions: Cybrosys Techno Solutions Website Blog Search aka website search blog versions 13.0 through 13.0.1.0.1 Description: A SQL injection issue allows a remote attacker to execute arbitrary code and gain privileges via the name parameter in the...

9.8 CVSS · 9.9 AI score · 0.01005 EPSS
Exploits 1 · References 5
BDU FSTEC
added 2023/06/30 12:0 a.m. · 3 views

The vulnerability in the virtual learning environment Moodle arises from the lack of measures taken to protect the structure of web pages. This allows attackers to carry out XSS attacks.

The vulnerability in the virtual learning environment Moodle is related to insufficient cleaning of user data during search operations on blogs. Exploiting this vulnerability can allow a malicious actor to carry out XSS attacks remotely...

6.4 CVSS · 5.8 AI score · 0.00854 EPSS
Exploits 0 · References 4 · Affected Software 2
0day.today
added 2023/06/19 12:0 a.m. · 317 views

Groomify v1.0 - SQL Injection Vulnerability

Exploit Title: Groomify v1.0 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/groomify-barbershop-salon-spa-booking-and-ecommerce-platform/45808114 Demo Site: https://script.bugfinder.net/groomify Tested on: Kali Linux CVE: N/A Vulnerable URL...

7.1 AI score
Exploits 0
Tenable Nessus
added 2023/02/20 12:0 a.m. · 27 views

Moodle 4.0.x < 4.0.6 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.19, 3.11.x prior to 3.11.12, 4.0.x prior to 4.0.6 or 4.1.x prior to 4.1.1. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of some returnurl...

8.2 CVSS · 6.1 AI score · 0.00957 EPSS
Exploits 0 · References 6
Tenable Nessus
added 2023/02/20 12:0 a.m. · 46 views

Moodle 3.11.x < 3.11.12 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.19, 3.11.x prior to 3.11.12, 4.0.x prior to 4.0.6 or 4.1.x prior to 4.1.1. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting (XSS) vulnerability due to the lack of sanitization of some returnurl...

8.2 CVSS · 6.1 AI score · 0.00957 EPSS
Exploits 0 · References 6