18 matches found
CVE-2026-48217
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in delete_module.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters module_choice, flag, confirmation directly into render...
CVE-2026-48217 Open ISES Tickets < 3.44.2 Reflected XSS via delete_module.php Multiple POST Parameters
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in delete_module.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters module_choice, flag, confirmation directly into render...
CVE-2026-48217
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in delete_module.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters module_choice, flag, confirmation directly into render...
CVE-2026-48217 Open ISES Tickets < 3.44.2 Reflected XSS via delete_module.php Multiple POST Parameters
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in delete_module.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters module_choice, flag, confirmation directly into render...
EUVD-2026-31300
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in delete_module.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters module_choice, flag, confirmation directly into render...
CVE-2026-48217
Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in delete_module.php. The vulnerability allows an authenticated attacker to inject arbitrary JavaScript by passing unsanitized values through POST parameters module_choice, flag, and confirmation, which are then rendered into HTML c...
tickets Cross-Site Scripting Vulnerability
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of cleanup in the delete_module.php file, allowing multiple POST paramete...
UBUNTU-CVE-2022-50538
In the Linux kernel, the following vulnerability has been resolved: vme: Fix error not catched in fakeinit In fakeinit, rootdeviceregister is possible to fail but it's ignored, which can cause unregistering vmeroot fail when exit. general protection fault, probably for non-canonical address...
FreePBX Path Traversal Vulnerability
FreePBX (formerly known as Asterisk Management Portal) is a suite of tools from the FreePBX project for configuring Asterisk (an IP telephony system) via a GUI (web-based graphical interface). A path traversal vulnerability exists in FreePBX versions 15, 16, and 17, which stems from a malicious...
UBUNTU-CVE-2022-49796
In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix potential null-ptr-deref on tracearray in kprobeeventgentestexit When testgenkprobecmd failed after kprobeeventgencmdend, it will goto delete, which will call kprobeeventdelete and release the corresponding...
PT-2024-16998 · WordPress · Cluevo Lms
Name of the Vulnerable Software and Affected Versions: CLUEVO LMS, E-Learning Platform plugin for WordPress versions up to, and including, 1.13.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the cluevo render module ui function...
CVE-2022-48870 tty: fix possible null-ptr-defer in spk_ttyio_release
In the Linux kernel, the following vulnerability has been resolved: tty: fix possible null-ptr-defer in spk_ttyio_release Run the following tests on the qemu platform: syzkaller: modprobe speakup_audptr input: Speakup as /devices/virtual/input/input4 initialized device: /dev/synth, node MAJOR 10,...
PT-2023-27056 · Unknown · Tvcmsvideotab
Name of the Vulnerable Software and Affected Versions: theme volty tvcmsvideotab versions up to 4.0.0 Description: The issue is a SQL injection vulnerability. It occurs via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run. Recommendations: For versions up to 4.0.0, as a temporar...
SQL Injection
tribalsystems/zenario is vulnerable to SQL injection. The vulnerability exists due to a lack of sanitization of the ID input field of ajax.php in the Plugin library - delete module...
CVE-2021-26830
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the ID input field of ajax.php in the Plugin library - delete module...
SQL Injection
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the ID input field of ajax.php in the Plugin library - delete module...
CVE-2019-9049
An issue was discovered in Pluck 4.7.9-dev1. There is a CSRF vulnerability that can delete modules via a /admin.php?action=moduledelete&var1= URI...
Firefox 3.0.14 Insufficient warning for PKCS11 module installation and removal
Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module...