71 matches found
CVE-2025-5459
A user with specific node group editing permissions could use a specially crafted class parameter to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0...
CVE-2025-6538
The Post Rating and Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2024-10592
The Mapster WP Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the popup class parameter in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
Online Class and Exam Scheduling System class_sched.php file cross-site scripting vulnerability
Online Class and Exam Scheduling System is an online class and exam scheduling system. A cross-site scripting vulnerability exists in Online Class and Exam Scheduling System, which stems from a lack of validation of the class parameter in the file /Scheduling/pages/class_sched.php against an...
CVE-2025-29568
A vulnerability has been discovered in the code-projects Online Class and Exam Scheduling System 1.0. The issue affects some unknown features in the file /Scheduling/pages/class_sched.php. Manipulating the class parameter can lead to cross-site scripting (XSS)...
Code-Projects Online Class and Exam Scheduling System security vulnerability
Code-Projects Online Class and Exam Scheduling System is an open-source online class and exam scheduling system from Code-Projects. A security vulnerability exists in Code-Projects Online Class and Exam Scheduling System version 1.0, which stems from incorrect manipulation of the class parameter ...
CVE-2025-29568
CVE-2025-29568 concerns the Online Class and Exam Scheduling System 1.0. Multiple connected sources (CNVD-2026-00706, CNNVD-202504-3544, RH-CVE, NVD) describe a cross-site scripting (XSS) vulnerability in the file /Scheduling/pages/class_sched.php triggered by manipulating the class parameter. CN...
student-manage code injection vulnerability
student-manage is a student grade management system developed by a Chinese individual developer, Huang Yongkang. A code injection vulnerability exists in student-manage version 1.0, which stems from improper handling of the Class parameter and can lead to cross-site scripting...
WordPress GD Rating System plugin <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via extra_class Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via extra_class Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin GD Rating System versions <= 3.6.1...
WordPress Login Logout Shortcode plugin <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter vulnerability discovered by theviper17y in WordPress Plugin Login Logout Shortcode versions <= 1.1.0...
CVE-2024-5061
The Enfold - Responsive Multi-Purpose Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wrapperclass’ and 'class' parameters in all versions up to, and including, 6.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
Web-School ERP SQL injection vulnerability
Web-School ERP is an ERP application from Web-School India. A SQL injection vulnerability exists in Web-School ERP version 1.0, which originates in the groupsid, examname, classesid, esvoucherid, esclass, etc. parameters on the...
Senayan Library Management System 9.1.0 SQL Injection Vulnerability
Title: Senayan Library Management System v9.1.0 a.k.a SLIMS 9 SQLi Author: nu11secur1ty Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/download/v9.1.0/slims9bulian-9.1.0.zip Reference:...
CVE-2021-24503
The Popular Brand Icons – Simple Icons WordPress plugin before 2.7.8 does not sanitise or validate some of its shortcode parameters, such as "color", "size" or "class", allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still hav...
WordPress Plugin Code Injection Vulnerability (CNVD-2021-59600)
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports setting up personal blog sites on PHP and MySQL servers. A WordPress plugin is an open-source application plugin for WordPress. The WordPress plugin Browser Screenshots has a code injecti...
GHSA-P66X-2CV9-QQ3V Arbitrary code execution in Apache Commons BeanUtils
Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrar...
SQL injection vulnerability in class parameter of Interactive Creation website building system
Interactive Creative Xiamen Digital Technology Co., Ltd. is a brand website construction company in Fujian Province; "Interactive Creative" is one of its independent brands. A SQL injection vulnerability exists in the class parameter of Interactive Creative's website building system. An attacker...
IPS Community Suite PHP Code Injection Vulnerability
IPS Community Suite (also known as Invision Power Board, IPB or Power Board) is a PHP and MySQL based Web forum program from Invision Power Services (IPS). The program makes it easy to create and manage online forums. A PHP code injection vulnerability exists in IPS Community Suite 4.1.12.3 and earli...