51 matches found
CVE-2024-12234 1000 Projects Beauty Parlour Management System edit-customer-detailed.php SQL injection
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to SQL injection. It is possible to launch the attack...
WUZHI CMS Code Injection Vulnerability
WUZHI CMS is a PHP and MySQL based open source content management system (CMS) from WUZHI. A code injection vulnerability exists in WUZHI CMS version 4.1.0, which originates from a code injection in the add or edit function of the file www/coreframe/app/content/admin/block.php...
CVE-2024-45715
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements...
CVE-2024-45715
The CVE-2024-45715 entry corresponds to a Cross-Site Scripting vulnerability in the SolarWinds Platform, triggered when performing an edit function on existing elements. Connected sources indicate affected versions are SolarWinds Platform prior to 2024.4 (e.g., 2024.2.0 up to before 2024.4) and d...
CVE-2024-45715 SolarWinds Platform Edit Function Cross-Site Scripting Vulnerability
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements...
CVE-2024-46097
TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplanid parameter to another ID. The application does not carry out a...
PT-2024-25170 · Gunet · Gunet Openeclass E-Learning Platform
Name of the Vulnerable Software and Affected Versions: GUnet OpenEclass E-learning Platform versions 3.15 and before. Description: The issue is a cross-site scripting (XSS) vulnerability that allows an authenticated privileged attacker to execute arbitrary code. This can be achieved via the title an...
CVE-2024-35621
A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field...
CVE-2024-31840
An issue was discovered in Italtel Embrace 1.6.4. The web application inserts cleartext passwords in the HTML source code. An authenticated user is able to edit the configuration of the email server. Once the user accesses the edit function, the web application fills the edit form with the current...
CVE-2024-2354
A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclos...
CVE-2023-41506
An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
WordPress plugin WordPress Review & Structure Data Schema Plugin - Review Schema Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin WordPress Review & Structu...
CVE-2023-27923
Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script...
PT-2023-21422 · Unknown +1 · Vk Blocks Pro +1
Name of the Vulnerable Software and Affected Versions: VK Blocks versions 1.53.0.1 and earlier; VK Blocks Pro versions 1.53.0.1 and earlier. Description: A cross-site scripting issue in the Tag edit function allows a remote authenticated attacker to inject an arbitrary script. This enables the...
CVE-2022-32007
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=...
Cross site scripting
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Displayname field when using the Add, Edit or Register functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML...
CVE-2021-42330
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters...
CVE-2020-18455
Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php...