360 matches found
CVE-2025-9434
The CVE-2025-9434 issue affects 1000projects Online Project Report Submission and Evaluation System 1.0. A cross-site scripting vulnerability exists in the file path /admin/edit_title.php?id=1 when the desc parameter is manipulated. The vulnerability can be exploited remotely, and public disclosu...
U.S. Dept Of Defense: Cross-Site Scripting via 'EVENT_DESCRIPTION' parameter
A Cross-Site Scripting XSS vulnerability was discovered in the POST method on the website, specifically through the EVENTDESCRIPTION parameter. Exploitation of this vulnerability could have led to severe consequences, including session hijacking. The vulnerability was caused by insufficient...
TOTOLINK A3300R Command Injection Vulnerability
TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R version V17.0.0cu.596B20250515, which stems from the mac and desc parameters failing to correctly filter constructed command special characters, commands, a...
The vulnerability of the sub_4197C0() function in TOTOLINK A3300R router microprogramming software allows a intruder to execute arbitrary commands.
The vulnerability of the sub4197C0 function in TOTOLINK A3300R router microprogramming systems is related to the lack of measures taken to neutralize special elements during the processing of mac and desc parameters. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
CVE-2025-52046
Totolink A3300R V17.0.0cu.596B20250515 was found to contain a command injection vulnerability in the sub4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request...
CVE-2025-7558
A vulnerability was found in code-projects Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/positionsadd.php. The manipulation of the argument description leads to sql injection. The attack may be launched remotely. The exploit...
Notice Board System manage-notices.php file cross-site scripting vulnerability
Notice Board System is a bulletin board system. Notice Board System has a cross-site scripting vulnerability, the vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the parameters Title/Description in the file /admin/manage-notices.php, which can be...
Complaint Management System /admin/edit-state.php File SQL Injection Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter description in the /admin/edit-state.php file. An attacker can explo...
iSoluçõesWEB SoluçõesCoop 代码注入漏洞
iSoluçõesWEB SoluçõesCoop is a management system for iSoluçõesWEB in Brazil. A code injection vulnerability exists in iSoluçõesWEB SoluçõesCoop 20250519 and earlier versions, which results from a cross-site scripting attack due to incorrect manipulation of the Descrição da solicitação parameter o...
PHPGurukul Complaint Management System 注入漏洞
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter description in the /admin/edit-category.php file. An attacker can...
pixelimity 注入漏洞
pixelimity is pixelimity open source a content management system . pixelimity 1.0 version of an injection vulnerability , the vulnerability stems from the file /install/index.php parameter sitedescription in the wrong operation leads to SQL injection...
CVE-2024-40473
A Stored Cross Site Scripting XSS vulnerability was found in "managehouses.php" in SourceCodester Best House Rental Management System v1.0. It allows remote attackers to execute arbitrary code via "Houseno" and "Description" parameter fields...
CVE-2024-32745
A cross-site scripting XSS vulnerability in the Settings section of WonderCMS v3.4.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the PAGE DESCRIPTION parameter under the CURRENT PAGE module...
CVE-2023-1593
A vulnerability, which was classified as problematic, has been found in SourceCodester Automatic Question Paper Generator System 1.0. This issue affects some unknown processing of the file classes/Master.php?f=saveclass. The manipulation of the argument description leads to cross site scripting...
CVE-2022-34561
A cross-site scripting XSS vulnerability in PHPFox v4.8.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter...
CVE-2022-22850
A Stored Cross Site Scripting XSS vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the description parameter in roomtypes...
CVE-2020-23052
Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting XSS vulnerabilities in the component groupfiles.php via the Number Nombre and Description Descripción parameters...
CVE-2019-17491
Jiangnan Online Judge aka jnoj 0.8.0 has XSS via the Problemdescription parameter to web/admin/problem/create or web/polygon/problem/update...
CVE-2018-20601
UCMS 1.4.7 has XSS via the description parameter in an index.php listeditpost action...
Intelbras RF 301K 代码注入漏洞
The Intelbras RF 301K is a wireless router from Intelbras Brazil. A code injection vulnerability exists in the Intelbras RF 301K version 1.1.5, which stems from the Add Static IP component mishandling the parameter Description, which could lead to a cross-site scripting attack...