14 matches found
PT-2026-35340
A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /edit parcel.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be...
CVE-2026-3240
In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with...
CVE-2026-23797
In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...
CVE-2026-23797 Plaintext password display in Quick.Cart
In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...
WordPress Plugin Welcart e-Commerce SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
CVE-2020-20918
An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page...
GHSA-FQCV-RFP6-WV92 Microweber Cross-site Scripting vulnerability
Microweber 1.3.4 and prior is vulnerable to stored cross-site scripting via an alert on the Editing page. This issue is fixed in commit 42efa981a2239d042d910069952d6276497bdcf1...
Microweber Cross-site Scripting vulnerability
Microweber 1.3.4 and prior is vulnerable to stored cross-site scripting via an alert on the Editing page. This issue is fixed in commit 42efa981a2239d042d910069952d6276497bdcf1...
PT-2023-23310 · Unknown · Microweber
Name of the Vulnerable Software and Affected Versions: microweber/microweber versions prior to 2.0 microweber versions 1.3.4 and prior Description: The issue is related to stored Cross-site Scripting XSS in the GitHub repository microweber/microweber. This type of attack occurs when an applicatio...
Stored XSS on Multiple Edit Page
Description A stored XSS with alert on Editing page. \ I clone repo from master branch and build with docker. Footer show: Version: 1.3.4 Proof of Concept Request image Request raw: POST /api/saveedit HTTP/1.1 Host: 192.168.125.131 User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:109.0...
CVE-2021-41974
Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission...
New Relic: Emails and alert policies can be altered by malicious users.
Recreate Steps 1 Create Two Accounts 2 In separate browsers Firefox and Chrome log into each account and go to the edit page a https://rpm.newrelic.com/users//edit 3 Check one of the email or alert boxes and click save. Gather the post. a Should be similar to this:...
Command injection
FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMANDPATTERN and TESTRUNNER in the pageContent parameter when editing a page...
CVE-2013-0807
Cross-site scripting XSS vulnerability in the NewSectionPrompt function in include/tool/editingpage.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a newsection action to index.php...