
10 matches found

NVD
added 2026/05/16 4:16 p.m., 20 views

CVE-2020-37243

Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and...

CVSS 8.8, EPSS 0.00276
Exploits: 0, References: 4

Cvelist
added 2026/05/16 3:25 p.m., 40 views

CVE-2020-37243 WordPress Plugin Supsystic Pricing Table 1.8.7 SQL Injection XSS

Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and...

CVSS 8.8, EPSS 0.00276
Exploits: 0, References: 4

Positive Technologies
added 2026/05/16 12:0 a.m., 15 views

PT-2026-41443

Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl action. The plugin also contains stored cross-site scripting vulnerabilities in the 'Edit name' and...

CVSS 8.8, AI score 6, EPSS 0.00276
Exploits: 0, References: 5

Cvelist
added 2026/02/23 1:32 a.m., 28 views

CVE-2026-2965 07FLYCMS/07FLY-CMS/07FlyCRM System Extension edit.html cross site scripting

A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extension Module. Performing a manipulation of the argument Title results in cross site scripting. The...

CVSS 4.8, EPSS 0.00202
Exploits: 0, References: 4

OSV
added 2025/03/31 4:15 a.m., 2 views

CVE-2025-2975

A vulnerability was found in GFI KerioConnect 10.0.6 and classified as problematic. This issue affects some unknown processing of the file Settings/Email/Signature/EditHtmlSource of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated...

CVSS 5.4, AI score 3.7, EPSS 0.00256
Exploits: 0, References: 4

CNNVD
added 2025/03/20 12:0 a.m., 3 views

OpenUI cross-site scripting vulnerability

OpenUI is a UI program open-sourced by Weights & Biases. A cross-site scripting vulnerability exists in OpenUI, which stems from a stored cross-site scripting vulnerability in the Edit HTML function that could lead to the theft of a user's alert history and other sensitive information...

CVSS 5.4, AI score 5.1, EPSS 0.00279
Exploits: 0, References: 2

Huntr
added 2024/10/23 6:4 p.m., 5 views

XSS in the edit HTML

This report is not public...

CVSS 5.4, AI score 7.1, EPSS 0.00279
Exploits: 0

wpexploit
added 2021/02/08 12:0 a.m., 179 views

Pricing Table by Supsystic < 1.9.0 - Authenticated Stored Cross-Site Scripting

The label and datahtml POST parameter are not properly sanitised and escaped before being saved and output back in the page, leading to stored Cross-Site Scripting issues v alert1alert1 instead of the one above v 1.9.0, the edit HTML feature was removed client side but a crafted request could sti...

AI score 6.4
Exploits: 0, References: 1

CNVD
added 2018/10/17 12:0 a.m., 5 views

nc-cms cross-site scripting vulnerability (CNVD-2018-21238)

nc-cms is a PHP-based embeddable lightweight CMS Content Management System. A cross-site scripting vulnerability exists in the index.php?action=edithtml page in nc-cms 2017-03-10 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the...

CVSS 6.1, AI score 5.9, EPSS 0.00802
Exploits: 0, References: 1

OSV
added 2018/10/15 3:29 p.m., 4 views

CVE-2018-18361

An issue was discovered in nc-cms through 2017-03-10. index.php?action=edithtml allows XSS via the name parameter, as demonstrated by a value beginning with homecontent and containing a crafted SRC attribute of an IMG element...

CVSS 6.1, AI score 5.8, EPSS 0.00802
Exploits: 0, References: 1