96 matches found
CVE-2022-28094
SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the fid parameter at booking.php...
CVE-2022-28094
SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the fid parameter at booking.php...
CVE-2022-28094
SCBS Online Sports Venue Reservation System v1.0 is affected by a cross-site scripting (XSS) vulnerability via the fid parameter in booking.php. Root cause is unvalidated input leading to script execution. The CVE entry documents this issue; exploitation details, affected versions beyond v1.0, an...
CVE-2022-28094
SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the fid parameter at booking.php...
Online Sports Complex Booking System 跨站脚本漏洞
Online Sports Complex Booking System is an online sports complex booking system by Carlo Montero, an individual developer. A cross-site scripting vulnerability exists in version v1.0 of the Online Sports Complex Booking System, which was discovered to contain a cross-site scripting XSS...
The vulnerability of the “fid” parameter in the Online-Exam-System software allows a violator to execute arbitrary SQL queries.
The vulnerability of the “fid” parameter in the Online-Exam-System software involves a lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries remotely...
Naviwebs Navigate CMS Cross-Site Scripting Vulnerability (CNVD-2020-35976)
Naviwebs Navigate CMS is an open source content management system CMS from Naviwebs, Inc. in the United States. A cross-site scripting vulnerability exists in the query parameter 'fid' in the navigation.php file in Naviwebs Navigate CMS version 2.9 r1433. The vulnerability stems from the WEB...
CVE-2020-14014
An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The query parameter fid on the resource navigate.php does not perform sufficient data validation and/or encoding, making it vulnerable to reflected XSS...
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
Exploit Title: School ERP Pro+Responsive 1.0 - 'fid' SQL Injection Dork: N/A Date: 2018-10-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.arox.in/ Software Link: https://sourceforge.net/projects/school-management-system-php/files/latest/download Software Link: http://erp.arox.in/...
Navigate CMS Cross-Site Scripting Vulnerability
Navigate CMS is an open source content management system CMS. A cross-site scripting vulnerability exists in the 'fid' parameter of the navigate.php file in Navigate CMS version 2.8, which can be exploited by remote attackers to inject arbitrary web script or HTML...
Navigate CMS 2.8 - Cross-Site Scripting
Title: Navigate CMS 2.8 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Date: 2018-09-19 Vendor: https://www.navigatecms.com/en/home Software: Navigate CMS 2.8 CVE: CVE-2018-17255 Technical Details & Description: A Reflected Cross-Site Scripting web vulnerability has been discovered in the...
PHP Scripts Mall PHP Multivendor Ecommerce Cross-Site Scripting Vulnerability (CNVD-2018-00088)
PHP Multivendor Ecommerce is a shopping cart software from PHP Scripts Mall built on the PHP platform that allows sellers to easily customize and sell their products. A cross-site scripting vulnerability exists in PHP Scripts Mall PHP Multivendor Ecommerce. The vulnerability can be exploited to...
Sql injection
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the mywishlist.php fid parameter...
CVE-2017-17958
PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the mywishlist.php fid parameter...
CVE-2017-17957
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the mywishlist.php fid parameter...
FS Linkedin Clone SQL Injection Vulnerability
FS Linkedin Clone is a set of PHP and MySQL based scripts for job search and recruitment websites. A SQL injection vulnerability exists in FS Linkedin Clone version 1.0. A remote attacker can exploit this vulnerability by sending the 'grid' parameter to the group.php file, the 'fid' parameter to...
CVE-2017-17580
FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or companydetails.php id parameter...
CVE-2017-17580
FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or companydetails.php id parameter...
SQL Injection Vulnerability in Lazy WorkPass OA Web Intelligent Office System
Lazy work pass OA network intelligent office system is suitable for enterprises and institutions of the general network office software, the system uses B / S operation mode, free version for small and medium-sized enterprises. There is a SQL injection vulnerability in the OA Network Intelligent...
CVE-2014-4584
Cross-site scripting XSS vulnerability in admin/editFacility.php in the wp-easybooking plugin 1.0.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the fID parameter...