3847 matches found
CVE-2026-34229
Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...
EUVD-2019-20079
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...
CVE-2019-25672
PilusCart 1.4.1 is affected by a SQL injection in the send parameter. Unauthenticated attackers can craft POST requests to the comment submission endpoint using RLIKE-based boolean SQL payloads to extract data from the database. The available sources confirm the vulnerability and affected version...
CVE-2019-25672
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...
CVE-2019-25672 PilusCart 1.4.1 SQL Injection via send Parameter
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...
CVE-2019-25672 PilusCart 1.4.1 SQL Injection via send Parameter
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...
PT-2026-30481
PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...
CVE-2018-25249 MyBB My Arcade Plugin 1.3 Persistent XSS via Comment
MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through arcade game score comments. Attackers can add crafted HTML and JavaScript payloads in the comment field that execute when other users view or edit...
CVE-2018-25249 MyBB My Arcade Plugin 1.3 Persistent XSS via Comment
MyBB My Arcade Plugin 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through arcade game score comments. Attackers can add crafted HTML and JavaScript payloads in the comment field that execute when other users view or edit...
MyBB My Arcade Plugin 跨站脚本漏洞
The MyBB My Arcade Plugin is a forum download plugin developed by MyBB Corporation. Version 1.3 of the MyBB My Arcade Plugin contains a cross-site scripting vulnerability. This vulnerability arises from improper cleaning of input data in the arcade game score comment field, which may allow...
CVE-2026-34229
Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...
CVE-2026-34229 Emlog: Stored XSS in Comment Module via URI Scheme Validation Bypass
Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...
EUVD-2026-18899
Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...
CVE-2026-34229 Emlog: Stored XSS in Comment Module via URI Scheme Validation Bypass
Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...
CVE-2026-34229
CVE-2026-34229 affects Emlog prior to version 2.6.8, with a stored XSS in the comment module triggered via bypass of URI scheme validation. The underlying issue is a URI scheme validation bypass, allowing injection of script payloads into comments. The vulnerability is addressed in version 2.6.8 ...
CVE-2026-34229
Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...
PT-2026-30264
Emlog is an open source website building system. Prior to version 2.6.8, there is a stored cross-site scripting XSS vulnerability in emlog comment module via URI scheme validation bypass. This issue has been patched in version 2.6.8...
emlog 跨站脚本漏洞
Emlog is an open-source CMS website building system based on PHP and MySQL. Versions of Emlog prior to 2.6.8 had a cross-site scripting vulnerability. This vulnerability stemmed from a storage-based cross-site script in the comment module, which could lead to cross-site scripting attacks...
CVE-2026-34243 wenxian: Command Injection in GitHub Actions Workflow via `issue_comment.body`
wenxian is a tool to generate BIBTEX files from given identifiers DOI, PMID, arXiv ID, or paper title. In versions 0.3.1 and prior, a GitHub Actions workflow uses untrusted user input from issuecomment.body directly inside a shell command, allowing potential command injection and arbitrary code...
CVE-2026-34243
CVE-2026-34243 affects the Wenxian tool (versions up to 0.3.1 and earlier) where a GitHub Actions workflow uses untrusted input from issue_comment.body directly inside a shell command, enabling command injection and potential arbitrary code execution on the runner. The vulnerability stems from in...