178 matches found
CVE-2025-63949
A Reflected Cross-Site Scripting XSS vulnerability in yohanawi Hotel Management System commit 87e004a allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php...
CVE-2025-63949
A Reflected Cross-Site Scripting XSS vulnerability in yohanawi Hotel Management System commit 87e004a allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php...
Hotel Management System 安全漏洞
Hotel Management System is a hotel management system based MIS project by Prem Chand Saini, an individual developer in India. A security vulnerability exists in Hotel Management System version 87e004a, which stems from an unfiltered error parameter in the room.php file, which could lead to a...
PT-2025-52345
Name of the Vulnerable Software and Affected Versions yohanawi Hotel Management System version 87e004a Description A Reflected Cross-Site Scripting XSS issue exists in yohanawi Hotel Management System. This allows a remote attacker to execute arbitrary web script through the error parameter in th...
CVE-2025-63949
A Reflected Cross-Site Scripting XSS vulnerability in yohanawi Hotel Management System commit 87e004a allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php...
CVE-2025-63949
A Reflected Cross-Site Scripting XSS vulnerability in yohanawi Hotel Management System commit 87e004a allows a remote attacker to execute arbitrary web script via the 'error' parameter in pages/room.php...
CVE-2025-63949
CVE-2025-63949 describes a reflected XSS in the yohanawi Hotel Management System. All connected documents identify the vulnerability as caused by an unfiltered input in the error parameter of the pages/room.php endpoint, with the commit noted as 87e004a. The impact is remote code execution of arb...
Cross-Site Scripting (XSS)
spotipy is vulnerable to cross-site scripting XSS. The vulnerability is due to improper sanitization of the error parameter in the OAuth callback server, which allows an attacker to inject and execute arbitrary JavaScript in the user's browser during OAuth authentication...
EUVD-2025-201846
SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrit...
CVE-2025-42896 Server-Side Request Forgery (SSRF) in SAP BusinessObjects Business Intelligence Platform
SAP BusinessObjects Business Intelligence Platform lets an unauthenticated remote attacker send crafted requests through the URL parameter that controls the login page error message. This can cause the server to fetch attacker-supplied URLs, resulting in low impact to confidentiality and integrit...
CVE-2025-66040
Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting XSS vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows...
CVE-2025-63528
A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the blooddinfo.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the erro...
CVE-2025-63534
A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and...
EUVD-2025-199770
Spotipy has a XSS vulnerability in its OAuth callback server...
GHSA-R77H-RPP9-W2XM Spotipy has a XSS vulnerability in its OAuth callback server
Summary XSS vulnerability in OAuth callback server allows JavaScript injection through unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's browser during OAuth authentication. Details Vulnerable Code: spotipy/oauth2.py lines 1238-1274 RequestHandler.doGET The...
CVE-2025-63534
A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and...
CVE-2025-63528
A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the blooddinfo.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the erro...
CVE-2025-63528
A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the blooddinfo.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the erro...
CVE-2025-63528
A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the blooddinfo.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the erro...
CVE-2025-63528
A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the blooddinfo.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the erro...