5 matches found
CVE-2025-55737
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, when deleting a comment, there's no validation of the ownership of the comment. Every user can delete an arbitrary comment of another user on every post, by simply intercepting the delete request and changing the commentID. The code...
Cross site scripting
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppamanagecomments edit action...
CVE-2013-3254
The CVE-2013-3254 entry describes a Cross-site Scripting (XSS) vulnerability in the WP Photo Album Plus WordPress plugin's admin interface. Specifically, wp-admin/admin.php is vulnerable in versions before 5.0.3 via the commentid parameter used in the wppa_manage_comments edit action, allowing re...
CVE-2013-3254
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppamanagecomments edit action...
Particle Gallery <= 1.0.1 Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. Particle Gallery setvar"COMMENTID", ""; if $GET"editcomment" "" $sql = "SELECT FROM " . $dbprefix . "comments WHERE commentid = " . dbSecure$GET"editcomment"; $cme = $db-execute$sql; i...