20 matches found
EUVD-2022-55987
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...
CVE-2022-50968
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...
CVE-2022-50966 uBidAuction 2.0.1 news manage Reflected XSS
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the news/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...
CVE-2022-50962 uBidAuction 2.0.1 myOrders Reflected XSS
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...
WordPress CM Custom Reports plugin <= 1.2.7 - Reflected Cross-Site Scripting via 'date_from' and 'date_to' Parameters vulnerability
Reflected Cross-Site Scripting via 'date_from' and 'date_to' Parameters vulnerability discovered by san6051 - PWC in WordPress Plugin CM Custom WordPress Reports and Analytics versions <= 1.2.7...
EUVD-2026-10100
The CM Custom Reports plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date_from' and 'date_to' parameters in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-2431
The CM Custom Reports plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date_from' and 'date_to' parameters in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-2431
The CM Custom Reports plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date_from' and 'date_to' parameters in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2026-2431 CM Custom Reports <= 1.2.7 - Reflected Cross-Site Scripting via 'date_from' and 'date_to' Parameters
The CM Custom Reports plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date_from' and 'date_to' parameters in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Reflected XSS in date
Description: There is a reflective XSS on the FOSSBilling admin screen. Proof of Concept: By accessing the following URL, it is possible to execute any script on the browser of the logged-in administrator user. URL:...
CVE-2023-29985
Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.phpdatefrom has a SQL Injection vulnerability...
CVE-2023-29985
Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.phpdatefrom has a SQL Injection vulnerability...
Student Study Center Desk Management System SQL Injection Vulnerability
Student Study Center Desk Management System is a student study center desk management system. A SQL injection vulnerability exists in Student Study Center Desk Management System v1.0, which originates from the lack of validation of externally entered SQL statements in adminreportsindex.phpdatefro...
PrestaShop cross-site scripting vulnerability (CNVD-2020-25939)
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A cross-site scripting vulnerability exists in the 'datefrom' and 'dateto' parameters...
CVE-2020-5271
In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with datefrom and dateto parameters in the dashboard page. This problem is fixed in 1.7.6.5...
CVE-2020-5271
In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflected XSS with datefrom and dateto parameters in the dashboard page. This problem is fixed in 1.7.6.5...
CVE-2017-15867
Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name, (6) browser, (7) operating_system, or (8) ip_address parameter to...
CVE-2017-15867
The CVE-2017-15867 case concerns the WordPress User Login History plugin (versions up to 1.5.2). The issue is a Cross-Site Scripting (XSS) vulnerability where user-supplied HTTP GET parameters (date_from, date_to, user_id, username, country_name, browser, operating_system, ip_address) are inserte...
AlienVault OSSIM SQL Injection / Code Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "AlienVault OSSIM SQL Injection and Remote Code Execution", 'Description' = %q This module exploits an unauthenticated SQL injection...
Sql injection
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the datefrom parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12ISacquisition-pot.php, (3)...