358 matches found
CVE-2026-31354
Multiple authenticated stored cross-site scripting XSS vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters...
FeehiCMS 安全漏洞
FeehiCMS is a PHP-based CMS website building system developed by Liufee’s individual developers. The FeehiCMS v2.1.1 version contains a security vulnerability. This vulnerability stems from a storage-type cross-site scripting issue with the Group, Category, or Description parameters in the...
PT-2026-30668
Multiple authenticated stored cross-site scripting XSS vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Group, Category or Description parameters...
CVE-2026-31354
CVE-2026-31354 refers to multiple authenticated stored XSS vulnerabilities in Feehi CMS v2.1.1, specifically in the Permissions module where payloads can be injected via Group, Category, or Description parameters. The issue is confirmed across connected sources (Red Hat CVE entry, ENISA/EUVD entr...
CVE-2026-5325
A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...
CVE-2026-5325
A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...
CVE-2026-5325
CVE-2026-5325 affects SourceCodester Simple Customer Relationship Management System 1.0. The issue lies in the Create Ticket component, specifically in /create-ticket.php where manipulating the Description argument causes cross-site scripting . Remote exploitation is possible, and the exploit has...
SourceCodester Simple Customer Relationship Management System 代码注入漏洞
SourceCodester Simple Customer Relationship Management System is a simple customer relationship management system developed under open source by SourceCodester. Version 1.0 of the SourceCodester Simple Customer Relationship Management System contains a code injection vulnerability. This...
PT-2026-29685
A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...
CVE-2026-33758 OpenBao has Reflected XSS in its OIDC authentication error message
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with callbackmode=direct configured are vulnerable to XSS via the errordescription parameter on the page for a failed...
CVE-2026-31382
The errordescription parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...
CVE-2026-4626 projectworlds Lawyer Management System lawyer_booking.php cross site scripting
A vulnerability has been found in projectworlds Lawyer Management System 1.0. This impacts an unknown function of the file /lawyerbooking.php. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the...
PT-2026-27308
Name of the Vulnerable Software and Affected Versions projectworlds Lawyer Management System version 1.0 Description A flaw exists in projectworlds Lawyer Management System 1.0. The issue is related to cross site scripting, triggered by manipulating the Description argument in the /lawyer...
Aix-DB SQL注入漏洞
Aix-DB is an intelligent data analysis and visualization system developed by AiAdventurer developers. Versions of Aix-DB 1.2.3 and earlier have a SQL injection vulnerability. This vulnerability arises from incorrect operations with the parameter Description in the unknown functions of the file...
CVE-2026-31382
The errordescription parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...
CVE-2026-31382
The errordescription parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...
EUVD-2026-9963
A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL Handler. The manipulation of the argument errordescription results in cross site scripting. The...
CVE-2019-25443
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...
CVE-2019-25443
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...
CVE-2019-25443 Inventory Webapp SQL Injection via add-item.php
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...