Revive Adserver: Reflected XSS via clientid parameter in zone-include.php
Vulnerability description not provided...
Revive Adserver: Blind SQL injection via clientid parameter in zone-include.php
Vulnerability description not provided...
EUVD-2005-2637
Malware in sbrugna...
EUVD-2020-6036
Malware in sbrugna...
EUVD-2025-31562
Malicious code in bioql PyPI...
EUVD-2025-28694
Malicious code in bioql PyPI...
CVE-2025-10344
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'clientid' at the endpoint '/projects/project/x'...
CVE-2025-10344
CVE-2025-10344 describes a stored HTML-injection vulnerability in Perfex CRM v3.2.1. The issue arises from insufficient validation of user input in the API at the endpoint /projects/project/x, where HTML can be injected via the POST parameters name and clientid. The core impact is stored HTML injec...
Perfex CRM Cross-Site Scripting Vulnerability
Perfex CRM is a customer relationship management software from Perfex CRM open source. It is used to manage customers, projects and create invoices in the cloud. A cross-site scripting vulnerability exists in Perfex CRM version 3.2.1, which stems from insufficient validation of user input for the...
PT-2025-39817
Name of the Vulnerable Software and Affected Versions Perfex CRM version 3.2.1 Description An HTML injection issue exists in Perfex CRM version 3.2.1. This is due to insufficient validation of user-supplied data. An attacker can inject HTML code by sending a POST request to the /projects/project/...
CVE-2025-5929
The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘clientId’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2025-5929
The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘clientId’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...
CVE-2025-5929
CVE-2025-5929 – The Countdown WordPress plugin is reported to have a Stored Cross-Site Scripting vulnerability via the clientId parameter in versions up to and including 2.0.1. The vulnerability requires authentication at Contributor level or higher, and could allow an attacker to inject scripts ...
CVE-2025-5929 The Countdown <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via clientId Parameter
The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘clientId’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acces...
Code injection
The user's clientID at "application passwords" was not sanitized or escaped before being added to the DOM. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker woul...
SQL Injection Vulnerability in Mixcall Seat Management System check_fieldvalue Function
The Mixcall seat management system is based on a B/S architecture; management personnel can log in directly to the Mixcall seat management center from a computer and view detailed information about the seat personnel's voice services. A SQL injection vulnerability exists in the...
cheapcars.nl XSS vulnerability
Vulnerable URL:...
CVE-2005-2636
SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew and phpPgAds before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the clientid parameter...