CVE-2020-27237

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the The nomenclature parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this...

CVE-2020-27238

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3. The code parameter in the getAssets.jsp page is vulnerable to unauthenticated SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...

CVE-2021-27695

Multiple stored cross-site scripting XSS vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any "Add" sections, such as Add Card Building & Floor, or others in the Name and Code Parameters...

CVE-2020-29143

A SQL injection vulnerability in interface/reports/nonreported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the formcode parameter...

OpenEMR SQL注入漏洞

OpenEMR is a medical practice management software that also supports electronic medical records EMR. A SQL injection vulnerability exists in interface/reports/immunizationreport.php in OpenEMR versions prior to 5.0.2.5. A remote authenticated attacker can exploit this vulnerability to execute...

nopCommerce 跨站脚本漏洞

nopCommerce is an open source e-commerce shopping cart software. A reflective cross-site scripting vulnerability exists in the Discount Coupon component in nopCommerce 4.30. An attacker can exploit this vulnerability to inject arbitrary web script or HTML via the...

CVE-2020-27974

NeoPost Mail Accounting Software Pro 5.0.6 allows php/Commun/FUSSCMBlockStart.php?code= XSS...

Dolibarr Cross-Site Scripting Vulnerability (CNVD-2020-10498)

Dolibarr ERP/CRM is an open source software/freeware for small and medium-sized businesses, organizations or freelancers. It includes different features such as Enterprise Resource Planning ERP and Customer Relationship Management CRM, as well as applications for other different activities. A...

CVE-2020-9016

Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...

Design/Logic Flaw

Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...

UBUNTU-CVE-2020-9016

Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...

CVE-2020-9016

Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header...

PT-2020-20431 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr version 11.0 Description: The issue allows for XSS attacks through the joinfiles, topic, or code parameter, or the HTTP Referer header. Recommendations: For Dolibarr version 11.0, consider restricting access to the vulnerable...

CVE-2020-5308

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php...

CVE-2020-5307

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in...

CVE-2019-15072

The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting XSS vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail system of governments, organizations, companies and universities...

CVE-2019-16759

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

CVE-2019-13598

LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port3480/datarequest because the "No unsafe lua allowed" code block is skipped...

SQL injection vulnerability in Code parameter of website building system of Guangzhou Baiwei Network Technology Co.

Guangzhou Baiwei Network Technology Co., Ltd. is a company dedicated to website construction, enterprise mailbox, domain name space and server, and other service projects. There is a SQL injection vulnerability in the Code parameter of the website building system of Guangzhou Baiwei Network...

CVE-2019-3579

MyBB 1.8.19 allows remote attackers to obtain sensitive information because it discloses the username upon receiving a password-reset request that lacks the code parameter...