16 matches found
CVE-2025-40831
A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application lacks input validation of the date parameter in the report generation functionality. This could allow an authenticated, lowly privileged attacker to cause a denial of service condition of the report...
PT-2025-48406
A vulnerability was determined in jairiidriss RestaurantWebsite up to e7911f12d035e8e2f9a75e7a28b59e4ef5c1d654. Impacted is an unknown function of the component Make a Reservation. This manipulation of the argument selected date causes cross site scripting. The attack can be initiated remotely. T...
CVE-2025-52050
In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_with_points at erpnext/accounts/doctype/loyalty_program/loyalty_program.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the expiry_date parameter...
WordPress plugin Mitfahrgelegenheit cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-11983 · Unknown · Sourcecodester Oretnom23 Employee's Payroll Management System
Name of the Vulnerable Software and Affected Versions: sourcecodester oretnom23 employee's payroll management system version 1.0 Description: The issue allows attackers to execute arbitrary code via the code, title, from date, and to date inputs in the file Main.php. This is a Cross Site Scriptin...
PT-2024-22393 · Unknown · Phpgurukul User Registration & Login/User Management System
Name of the Vulnerable Software and Affected Versions: Phpgurukul User Registration & Login and User Management System version 3.1 Description: The issue is related to user input validation in the bwdates-report-result.php file. It retrieves user-provided date inputs without proper validation,...
CVE-2023-34486
itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box...
RUSTSEC-2021-0125 Panic on incorrect date input to `simple_asn1`
Version 0.6.0 of the simple_asn1 crate panics on certain malformed inputs to its parsing functions, including from_der and der_decode. Because this crate is frequently used with inputs from the network, this should be considered a security vulnerability. The issue occurs when parsing the old ASN.1...
GHSA-5JQP-QGF6-3PVH Use of "infinity" as an input to datetime and date fields causes infinite loop in pydantic
Impact: Passing either 'infinity', 'inf' or float('inf') or their negatives to datetime or date fields causes validation to run forever with 100% CPU usage on one CPU. Patches: Pydantic is patched with fixes available in the following versions: v1.8.2, v1.7.4, v1.6.2. All these versions are available...
ILIAS Cross-Site Scripting Vulnerability (CNVD-2018-10348)
ILIAS is a Web-based learning management system developed by the ILIAS team. The system contains modules for course management, file sharing, and live chat. ILIAS version 5.3.x before 5.3.4 and version 5.2.x have Services/Form/classes/class.ilDateDurationInputGUI.php and...
Cross site scripting
Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date...
CVE-2018-10306
Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php in ILIAS 5.1.x through 5.3.x before 5.3.4 allow XSS via an invalid date...
CVE-2018-10306
ILIAS CVE-2018-10306 affects the web forms: specifically the files Services/Form/classes/class.ilDateDurationInputGUI.php and Services/Form/classes/class.ilDateTimeInputGUI.php. Versions 5.1.x through 5.3.x before 5.3.4 are vulnerable to cross-site scripting via an invalid date. The issue origina...