23 matches found
CVE-2019-12869
An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-Of-Bounds Read, Information Disclosure, and remote code execution. The attacker needs to get access to an...
CVE-2025-41106
An HTML injection flaw is present in Fairsketch’s RISE CRM Framework v3.8.1 (CVE-2025-41106). The root cause is insufficient validation of user input, enabling HTML code injection via a POST to /clients/save_contact/ with the first_name parameter. Affected product: Fairsketch RISE CRM Framework; ...
CVE-2025-8315 WP Easy Contact <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter
The WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘noaccess_msg’ parameter in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
PT-2025-27316 · Mib3 · Mib3
Name of the Vulnerable Software and Affected Versions: MIB3 unit affected versions not specified Description: The issue concerns the storage of the synchronized phone contact book in clear-text by the MIB3 unit. This allows an attacker with either code execution privilege on the system or physica...
CVE-2025-30970 WordPress Easy Contact plugin <= 0.1.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in scottwallick Easy Contact easy-contact allows Reflected XSS. This issue affects Easy Contact: from n/a through <= 0.1.2...
CVE-2024-13256 Email Contact - Moderately critical - Access bypass - SA-CONTRIB-2024-020
Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing. This issue affects Email Contact: from 0.0.0 before 2.0.4...
Drupal security vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Email Contact prior to version 2.0.4, which stems from the inclusion of an insufficient access control granularity vulnerability...
CVE-2024-54218 WordPress AIO Contact plugin <= 2.8.1 - Unauthenticated Plugin Settings Change vulnerability
Missing Authorization vulnerability in Thehp AIO Contact. This issue affects AIO Contact: from n/a through 2.8.1...
CVE-2024-44180
The CVE-2024-44180 entry concerns Apple iOS 18 and iPadOS 18. Affected component: the lock-screen privacy control for contacts. Root cause per sources: inadequate checks allowing an attacker with physical access to potentially access contacts from the lock screen. Impact stated by Apple and corro...
PT-2024-28357 · Phoenix Contact · Charx Sec-3100
Name of the Vulnerable Software and Affected Versions: Phoenix Contact CHARX SEC-3100 affected versions not specified Description: An unauthenticated remote attacker can use this issue to change the device configuration due to a file being writeable for a short time after system startup...
ibizatransitexpress.com Cross Site Scripting vulnerability OBB-3946279
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
bstta.or.kr Cross Site Scripting vulnerability OBB-3618680
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2023-5483 · Phoenix Contact · Phoenix Contact Tc Router +2
Name of the Vulnerable Software and Affected Versions: PHOENIX CONTACT TC ROUTER versions prior to 2.07.2 PHOENIX CONTACT TC CLOUD CLIENT versions prior to 2.07.2 PHOENIX CONTACT CLOUD CLIENT 1101T-TX/TX versions prior to 2.06.10 Description: The issue allows an unauthenticated remote attacker to...
CVE-2022-37309
OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name...
nudexxxpictures.org Cross Site Scripting vulnerability OBB-2985435
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
brightsidearts.com Cross Site Scripting vulnerability OBB-2950850
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
admissionex.tnua.edu.tw Cross Site Scripting vulnerability OBB-2677136
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
vvcequipment.be Cross Site Scripting vulnerability OBB-1485015
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
nsframe.co.kr Cross Site Scripting vulnerability OBB-1466764
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
mypatos.de Cross Site Scripting vulnerability OBB-1370212
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...