Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the FeedbackForm and insertnewfeedback paths in backend/openwebui/models/feedbacks.py. An attacker can forge feedback...

EUVD-2018-10473

Malware in sbrugna...

EUVD-2024-47036

Malicious code in bioql PyPI...

CVE-2025-28121

code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting XSS in feedback.php via the "q" parameter allowing remote attackers to execute arbitrary code...

WordPress Plugin User Feedback Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVE-2022-27111

JfinalCMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it...

CVE-2013-2246

mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated users to obtain sensitive information via a...