15 matches found
Cross-site Scripting (XSS)
Overview: Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the /server-islands/name endpoint when handling the e, s and p parameters. An attacker can execute...
EUVD-2018-4872
Malware in sbrugna...
CVE-2025-57765 WeGIA Cross-Site Scripting (XSS) Reflected endpoint 'pre_cadastro_adotante.php' parameter 'msg_e'
WeGIA is a Web manager for charitable institutions. Prior to 3.4.7, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in the pre_cadastro_adotante.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_e parameter. This...
CVE-2014-4849
Multiple cross-site scripting (XSS) vulnerabilities in msg.php in FoeCMS allow remote attackers to inject arbitrary web script or HTML via the (1) e or (2) r parameter...
WordPress plugin Financial Stocks & Crypto Market Data Plugin Cross-Site Scripting Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...
Code-Projects Job Recruitment Cross-Site Scripting Vulnerability
Code-Projects Job Recruitment is an open source job portal from Code-Projects. A cross-site scripting vulnerability exists in Code-Projects Job Recruitment version 1.0, which stems from a cross-site scripting vulnerability in the e parameter of the /register.php page...
PT-2024-34559 · Sourcecodester · Sourcecodester Event Registration System
Name of the Vulnerable Software and Affected Versions: SourceCodester Event Registration System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file "/registrar/?page=registration". The manipulation of the e argument leads to SQL injection. ...
PT-2024-34562 · Sourcecodester · Sourcecodester Event Registration System
Name of the Vulnerable Software and Affected Versions: SourceCodester Event Registration System version 1.0 Description: A vulnerability was found in the system, affecting an unknown functionality of the file "/registrar/?page=registration". The manipulation of the argument e leads to cross site...
PT-2024-12147 · Easyxdm · Easyxdm
Name of the Vulnerable Software and Affected Versions: easyXDM version 2.5 Description: The issue allows for cross-site scripting (XSS) attacks via the xdm e parameter. This means an attacker could potentially inject malicious scripts into a website, affecting users who visit the site...
PT-2024-13965 · Unknown · Online Notice Board System
Name of the Vulnerable Software and Affected Versions: Online Notice Board System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. Specifically, the e parameter of the "login.php" resource does not validate the characters received, and they are...
CraftedWeb Cross-Site Scripting Vulnerability
CraftedWeb is a CMS (Content Management System) for game servers. A cross-site scripting vulnerability exists in the aaspincludes/pages/notice.php file in versions of CraftedWeb prior to 2013-09-24. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the 'e'...
CVE-2018-12919
In CraftedWeb through 2013-09-24, aaspincludes/pages/notice.php allows XSS via the e parameter...
CVE-2010-4796
Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) provinceid parameter to search.php and the (2) e parameter to resumeview.php...
SQL injection
Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) provinceid parameter to search.php and the (2) e parameter to resumeview.php...
PT-2005-5482 · Unknown · Land Down Under
Name of the Vulnerable Software and Affected Versions: Land Down Under (LDU) versions v801 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via parameters including (1) the m parameter in "auth.php", (2) the f parameter in "events.php", ...