178 matches found
CVE-2022-30776
atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter...
CVE-2021-25112
The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting...
CVE-2021-42566
myfactory.FMS before 7.1-912 allows XSS via the Error parameter...
CVE-2021-24196
The Social Slider Widget WordPress plugin before 1.8.5 allowed Authenticated Reflected XSS in the plugin settings page as the ‘tokenerror’ parameter can be controlled by users and it is directly echoed without being sanitized...
CVE-2005-3397
Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersusbackofficesupportError.asp. NOTE: the comersusbackofficemessage.asp/message vector is already covered by CVE-2005-2191 item 2...
CVE-2009-1785
Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop 1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter to header.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
A vulnerability in the TypeScript-based authentication library Better Auth, caused by missing measures to protect the web page structure, allows attackers to perform cross-site scripting attacks.
A vulnerability in the TypeScript-based authentication library Better Auth is caused by missing measures to protect the web page structure when the error parameter is processed. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2024-48761
Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter...
Celk Sistemas Celk Saude security vulnerability
Celk Sistemas Celk Saude is health sector management software from Celk Sistemas, Brazil. A security vulnerability exists in Celk Sistemas Celk Saude version 3.1.252.1, which stems from improper validation or sanitization of the erro parameter, resulting in vulnerability to injection attacks...
CVE-2024-51182
CVE-2024-51182 affects Celk Sistemas Celk Saude v3.1.252.1. The vulnerability is an HTML injection via the erro parameter, enabling a remote attacker to inject arbitrary HTML code and potentially manipulate renderings. CVSS 3.1 base score 6.1 (Network, Privileges None, User Interaction Required; ...
native-php-cms security vulnerability
native-php-cms is a website builder system for FLi individual developers. A security vulnerability exists in version 1.0 of native-php-cms, which stems from improper manipulation of the message/error parameter in the file /fladmin/jump.php, and is susceptible to cross-site scripting attacks...
WordPress SEO Keywords plugin <= 1.1.3 - Reflected Cross-Site Scripting via google_error Parameter vulnerability
Reflected Cross-Site Scripting via google_error Parameter vulnerability discovered by vgo0 in WordPress Plugin seo-keywords versions <= 1.1.3...
PT-2025-1758 · WordPress · Seo Keywords
Name of the Vulnerable Software and Affected Versions: SEO Keywords plugin for WordPress versions up to and including 1.1.3 Description: The issue is related to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages through...
PT-2024-17262 · WordPress · Pkt1 Centro De Envios
Name of the Vulnerable Software and Affected Versions: PKT1 Centro de envios plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated...
PT-2024-34411 · Unknown · M2000 Smart4Web
Name of the Vulnerable Software and Affected Versions: M2000 Smart4Web versions prior to 5.020241004 Description: The issue allows a remote attacker to execute arbitrary code via the error parameter in the URL. This is a Cross Site Scripting vulnerability, which can lead to the execution of...
Smart4Web security vulnerability
Smart4Web is a content management system from Smart4Web, Inc. A security vulnerability exists in versions prior to Smart4Web v.5.020241004. A remote attacker can exploit this vulnerability to execute arbitrary code via the error parameter in the URL...
CVE-2024-44796
A cross-site scripting (XSS) vulnerability in the component /auth/AzureRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the errordescription parameter...
CVE-2024-41241
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/smsa/adminlogin.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter...
CVE-2024-41242
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/smsa/studentlogin.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via "error" parameter...