12 matches found

EUVD · added 2 days ago · 7 views

EUVD-2026-33835

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approach...

CVSS 4.8 · AI score 5.5 · EPSS 0.00013
Exploits 0 · References 7
Cvelist · added 3 days ago · 22 views

CVE-2026-10295 SourceCodester Customer Review App review_app.py get_all_reviews denial of service

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approach...

CVSS 4.8 · EPSS 0.00013
Exploits 0 · References 6
Vulnrichment · added 3 days ago · 3 views

CVE-2026-10295 SourceCodester Customer Review App review_app.py get_all_reviews denial of service

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local approach...

CVSS 4.8 · AI score 5.5 · EPSS 0.00013
Exploits 0 · References 6
Positive Technologies · added 3 days ago · 9 views

PT-2026-45638

A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a manipulation of the argument name/comment results in denial of service. The attack requires a local...

CVSS 4.8 · AI score 5.5 · EPSS 0.00013
Exploits 0 · References 7
Cvelist · added 2026/04/21 10:14 p.m. · 26 views

CVE-2026-40928 AVideo: Missing CSRF Protection on State-Changing JSON Endpoints Enables Forced Comment Creation, Vote Manipulation, and Category Asset Deletion

WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpoints under objects/ accept state-changing requests via $_REQUEST/$_GET and persist changes tied to the caller's session user, without any anti-CSRF token, origin check, or referer check. A malicious...

CVSS 5.4 · EPSS 0.00028
Exploits 1 · References 2
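The three missing controls named in the AVideo entry (anti-CSRF token, origin check, referer check) are shown below as an added example; it is not AVideo's code. A state-changing comment endpoint is written once in the vulnerable shape (reads from the request, trusts the session alone) and once gated on a same-site check. ALLOWED_ORIGIN, the csrf_token field name, the handler names and the two sample requests are assumptions made for this example.

```php
<?php
// Added example, not AVideo's code: a state-changing JSON endpoint gated on
// (1) POST only, (2) an Origin/Referer check and (3) a per-session anti-CSRF
// token. ALLOWED_ORIGIN, the csrf_token field name and the sample requests
// below are assumptions made for this example.
declare(strict_types=1);

const ALLOWED_ORIGIN = 'https://video.example.test';

// Mint (or reuse) the session's CSRF token; the page embeds it in forms/XHR.
function issueCsrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Derive "scheme://host[:port]" from Origin, falling back to Referer.
function requestOrigin(array $server): ?string
{
    if (isset($server['HTTP_ORIGIN'])) {
        return $server['HTTP_ORIGIN'];
    }
    if (!isset($server['HTTP_REFERER'])) {
        return null;
    }
    $p = parse_url($server['HTTP_REFERER']);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    return $p['scheme'] . '://' . $p['host'] . (isset($p['port']) ? ':' . $p['port'] : '');
}

// True only when the request is allowed to change state.
function requestIsSameSite(array $server, array $post, array $session): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;                       // GET (and $_REQUEST) must never mutate
    }
    if (requestOrigin($server) !== ALLOWED_ORIGIN) {
        return false;                       // foreign or missing origin
    }
    $sent = $post['csrf_token'] ?? null;
    $expected = $session['csrf_token'] ?? '';
    return $expected !== '' && is_string($sent) && hash_equals($expected, $sent);
}

// Vulnerable shape from the advisory: persists whatever arrives, tied to the
// session user, with no CSRF defence at all.
function addCommentVulnerable(array $request, array $session): array
{
    return ['ok' => true, 'user' => $session['user'], 'comment' => $request['comment'] ?? ''];
}

// Hardened shape: the same action, but only after requestIsSameSite().
function addCommentHardened(array $server, array $post, array $session): array
{
    if (!requestIsSameSite($server, $post, $session)) {
        return ['ok' => false, 'error' => 'rejected: cross-site request'];
    }
    return ['ok' => true, 'user' => $session['user'], 'comment' => $post['comment'] ?? ''];
}

// Constructed scenario: a logged-in victim visits attacker.test, which
// auto-submits a form to the endpoint; the browser attaches the session cookie.
$session = ['user' => 'victim'];
$token = issueCsrfToken($session);

$forged = [
    'server' => ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://attacker.test'],
    'post'   => ['comment' => 'forced comment'],              // no token
];
$legit = [
    'server' => ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => ALLOWED_ORIGIN],
    'post'   => ['comment' => 'nice video', 'csrf_token' => $token],
];

print_r(addCommentVulnerable($forged['post'], $session));
print_r(addCommentHardened($forged['server'], $forged['post'], $session));
print_r(addCommentHardened($legit['server'], $legit['post'], $session));
```

Run with `php csrf_demo.php`: the vulnerable handler accepts the forged comment, the hardened handler rejects it and accepts only the request that carries the session token from the site's own origin. The origin check alone is not sufficient (Origin can be absent on some requests and Referer is user-suppressible), which is why the token is checked as well; reading the token from the POST body rather than $_REQUEST also closes the GET path the advisory describes.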
RedhatCVE · added 2025/05/22 7:23 p.m. · 7 views

CVE-2021-24800

The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments...

CVSS 4.3 · AI score 6.7 · EPSS 0.00153
Exploits 2 · References 1
Cvelist · added 2024/10/28 12:00 a.m. · 15 views

CVE-2024-10433 Project Worlds Simple Web-Based Chat Application index.php cross site scripting

A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site scripting. The attack may be launched...

CVSS 5.3 · EPSS 0.00152
Exploits 1 · References 4
Positive Technologies · added 2022/08/29 12:00 a.m. · 2 views

PT-2022-14032 · WordPress · Stop Comment Spam

Name of the Vulnerable Software and Affected Versions: Stop Spam Comments WordPress plugin versions 0.2.1.2 and earlier. Description: The issue arises from the improper generation of the JavaScript access token, which is intended to prevent abuse of the comment section. This allows threat authors ...

CVSS 6.5 · AI score 6.3 · EPSS 0.00216
Exploits 2 · References 5
CNNVD · added 2021/11/08 12:00 a.m. · 0 views

WordPress plugin cross-site request forgery vulnerability

WordPress is a blogging platform from the WordPress Foundation, written in PHP. It supports hosting personal blog sites on PHP and MySQL servers. WordPress Plugin is an open source plugin for WordPress. A cross-site request forgery vulnerability exists in...

CVSS 4.3 · AI score 5.6 · EPSS 0.00143
Exploits 2 · References 2
Veracode · added 2018/08/29 3:13 a.m. · 24 views

Cross Site Request Forgery (CSRF)

phpMyFAQ/phpMyFAQ is vulnerable to cross-site request forgery (CSRF). The vulnerability exists because it does not check the CSRF token properly in user.php, allowing the attacker to delete any active user, to remove open questions, to manipulate FAQ and FAQ news, to add votes and to add or delete...

CVSS 8.8 · AI score 8.5 · EPSS 0.00237
Exploits 0 · References 3 · Affected Software 2
Cvelist · added 2017/05/04 2:00 p.m. · 14 views

CVE-2017-8780

GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element...

AI score 4.9 · EPSS 0.00219
Exploits 0 · References 1
seebug.org · added 2013/06/12 12:00 a.m. · 19 views

EcShop: impersonate any user to post product reviews; used deliberately, this can manipulate public opinion about a shop

Brief description: A logged-in user can post a review on any product in the name of any other registered user; used deliberately, this can manipulate public opinion about the shop. Details: The vulnerable code is at line 287 of comment.php:
    $username = empty($cmt->username) ? $_SESSION['username'] : trim($cmt->username);
$cmt is a JSON data structure, assigned at line 37 of comment.php:
    $cmt = $json->decode($_REQUEST['cmt']);
So as long as the user submits JSON containing "username":"any user account", they can post a review on the chosen product as any user! Proof of vulnerability: ...

AI score 7.1
Exploits 0
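The line-287 pattern in the EcShop entry, reduced to a function beside its hardened form, as an added example that is not ECShop's code. json_decode() stands in for ECShop's own $json->decode(); the function names, the sample session and the two "cmt" bodies are constructed for this example.

```php
<?php
// Added example, not ECShop's code: the comment.php logic described in the
// advisory, reduced to a function that returns the review author, beside a
// hardened version. json_decode() stands in for ECShop's $json->decode();
// the sample session and "cmt" bodies are constructed for this example.
declare(strict_types=1);

// Vulnerable: if the JSON "cmt" object carries a username, it wins over the
// logged-in session user (the line-287 pattern from the advisory).
function reviewAuthorVulnerable(string $cmtJson, array $session): string
{
    $cmt = json_decode($cmtJson);
    if (!is_object($cmt)) {
        throw new InvalidArgumentException('cmt is not a JSON object');
    }
    return empty($cmt->username) ? $session['username'] : trim($cmt->username);
}

// Hardened: the JSON body is still parsed for the review content, but the
// author is always the authenticated session user; a client-sent username
// is ignored, and an anonymous session cannot post at all.
function reviewAuthorHardened(string $cmtJson, array $session): string
{
    $cmt = json_decode($cmtJson);
    if (!is_object($cmt)) {
        throw new InvalidArgumentException('cmt is not a JSON object');
    }
    if (!isset($session['username']) || $session['username'] === '') {
        throw new RuntimeException('login required to post a review');
    }
    return $session['username'];
}

// Constructed input: "alice" is logged in and posts the "cmt" body a browser
// would send, but with "username" set to another registered user.
$session = ['username' => 'alice'];
$forged  = '{"username":"bob","goods_id":42,"content":"Broke after one day."}';
$honest  = '{"goods_id":42,"content":"Works as described."}';

echo 'vulnerable, forged body:  ', reviewAuthorVulnerable($forged, $session), PHP_EOL;
echo 'hardened,   forged body:  ', reviewAuthorHardened($forged, $session), PHP_EOL;
echo 'vulnerable, honest body:  ', reviewAuthorVulnerable($honest, $session), PHP_EOL;
```

With the forged body the vulnerable function attributes the review to bob while the hardened one attributes it to alice; with the honest body both return alice. The fix is simply to never read identity from a client-controlled field once the user is authenticated; any "username" the page needs can be looked up server-side from the session.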