210 matches found
CVE-2026-1493
LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser. An attacker with ability to set a cookie can perform a mor...
CVE-2019-25728
Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ckconfig cookie parameter. Attackers can inject malicious SQL through the ckconfig cookie in multiple endpoints including login.php, indexframe.php...
CVE-2019-25729
PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shellex...
CVE-2019-25729
CVE-2019-25729 : PDF Signer 3.0 is affected by a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code via the CSRF-TOKEN cookie parameter. Attackers can craft cookie values containing template payloads (e.g., shell_exec()) to run system comm...
PT-2026-46199
PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie parameter. Attackers can craft malicious cookie values containing template injection payloads like shell...
Care2x SQL注入漏洞
Care2x is a hospital information management system developed by Care2x Corporation. Version 2.7 of Care2x contains an SQL injection vulnerability. This vulnerability stems from improper handling of the ckconfig cookie parameter, which may allow unauthenticated attackers to execute arbitrary SQL...
CVE-2026-38930
OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter...
CVE-2026-38930
OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter...
CVE-2026-38930
OpenRapid RapidCMS v1.3.1 has an authentication bypass in /template/default/menu.php. The issue arises from injecting a crafted SQL payload into the name cookie parameter, enabling bypass of authentication. Documentation indicates a network-level vector with low confidentiality/integrity impact (...
PT-2026-44038
OpenRapid RapidCMS v1.3.1 was discovered to contain an authentication bypass in the /template/default/menu.php component. This vulnerability is exploited via injecting a crafted SQL payload into the name cookie parameter...
OpenRapid RapidCMS 安全漏洞
OpenRapid RapidCMS is a fast, simple, and useful CMS system developed under the OpenRapid open-source framework. Version 1.3.1 of OpenRapid RapidCMS contains a security vulnerability. This vulnerability stems from a flaw in the /template/default/menu.php component, where authentication bypasses a...
EUVD-2026-30813
FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting XSS vulnerability through the fsNick cookie parameter. The application reflects the cookie's value directly into the HTML without sanitization. The fsNick cookie ...
EUVD-2021-34802
WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpsap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database...
CVE-2021-47941 WordPress Plugin Survey & Poll 1.5.7.3 SQL Injection via sss_params
WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpsap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database...
CVE-2021-47941
WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpsap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database...
CVE-2021-47941
The CVE-2021-47941 vulnerability affects WordPress Plugin Survey & Poll 1.5.7.3, where an SQL injection is possible via the wp_sap cookie parameter. The issue allows unauthenticated attackers to craft SQL payloads in the cookie to extract sensitive data (usernames, passwords, and other confidenti...
CVE-2026-1493
LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser. An attacker with ability to set a cookie can perform a mor...
CVE-2026-1493
CVE-2026-1493 affects LEX Baza Dokumentów. It is a DOM-based XSS in the em cookie parameter, where the application unsafely processes the cookie on the client side, allowing a malicious actor who can set a cookie to execute arbitrary JavaScript in the victim’s browser. The documented impact is li...
CVE-2026-1493 Cross-Site Scripting in LEX Baza Dokumentów
LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser. An attacker with ability to set a cookie can perform a mor...
CVE-2026-1493 Cross-Site Scripting in LEX Baza Dokumentów
LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser. An attacker with ability to set a cookie can perform a mor...