EUVD-2024-17028

Malicious code in bioql PyPI...

EUVD-2025-26170

Malicious code in bioql PyPI...

Cross site scripting

A vulnerability, which was classified as problematic, has been found in CodeAstro Restaurant POS System 1.0. Affected by this issue is some unknown functionality of the file createaccount.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched...

CVE-2024-1267 CodeAstro Restaurant POS System create_account.php cross site scripting

A vulnerability, which was classified as problematic, has been found in CodeAstro Restaurant POS System 1.0. Affected by this issue is some unknown functionality of the file createaccount.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched...

CVE-2024-1267

The connected documents confirm CVE-2024-1267 affects CodeAstro Restaurant POS System v1.0, where the file create_account.php is vulnerable through manipulation of the Full Name parameter, causing cross-site scripting. The vulnerability can be exploited remotely and the exploit has been publicly ...

CVE-2014-5105

Multiple cross-site scripting XSS vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 acountry parameter in a process action to affiliatesignup.php or 2 entrycountryid parameter in an edit action to admin/createaccount.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 acountry parameter in a process action to affiliatesignup.php or 2 entrycountryid parameter in an edit action to admin/createaccount.php...

CVE-2014-5105

The CVE-2014-5105 entry concerns OL-Commerce 2.1.1 with two reflected XSS vectors: (1) a_country in process action to affiliate_signup.php and (2) entry_country_id in edit action to admin/create_account.php. The underlying issue is cross-site scripting due to unsanitized input in these parameters...

CVE-2014-5104

Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 acountry parameter in a process action to affiliatesignup.php, 2 affiliatebannerid parameter to affiliateshowbanner.php, 3 country parameter in a process action to...

CVE-2010-4851

Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote attackers to execute arbitrary SQL commands via the 1 ref or 2 pollid parameter to index.php, or the 3 country parameter to createaccount.php...

[NOBYTES.COM: #12] osCommerce 2.2rc2a - Information Disclosure

Application: osCommerce 2.2rc2a Authors Site: http://www.oscommerce.com/ +--------------------------------------------------------------+ Information Disclosure: Manipulation of the 'DOB' Variable on createaccount.php can cause information disclosure: In this example the POST variable 'DOB' has...

oscom-disclose.txt

Application: osCommerce 2.2rc2a Authors Site: http://www.oscommerce.com/ +--------------------------------------------------------------+ Information Disclosure: Manipulation of the 'DOB' Variable on createaccount.php can cause information disclosure: In this example the POST variable 'DOB' has...