21 matches found
CVE-2026-9471 yashpokharna2555 StudentManagementSystem student.php cross site scripting
A vulnerability was detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file /student.php. Performing a manipulation of the argument FIRSTNAME results in cross site scripting. The attack can be initiated remotely...
EUVD-2026-31700
A security vulnerability has been detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This affects the function confirmloggedin of the file studenttrans.php. Such manipulation of the argument FIRSTNAME/LastName/EMAIL leads to sql injection. It is possibl...
CVE-2026-7448
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'firstname' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2026-27201
The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...
CVE-2026-7296 SourceCodester Pizzafy Ecommerce System ajax.php save_order cross site scripting
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function saveorder of the file /admin/ajax.php?action=saveorder. Performing a manipulation of the argument firstname results in cross site scripting. Remote exploitation of the attack is possible. The explo...
Projectworlds Online Lawyer Management System code injection vulnerability
Projectworlds Online Lawyer Management System is an online lawyer management system developed by Projectworlds Company in India. Version 1.0 of the Projectworlds Online Lawyer Management System has a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter...
itsourcecode Online Frozen Foods Ordering System SQL injection vulnerability
itsourcecode Online Frozen Foods Ordering System is an open-source online frozen food ordering system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability, which stems from incorrect handling of the parameter FirstName in the file admin/admin/editemployee.php. Th...
EUVD-2022-37889
Malicious code in bioql PyPI...
CVE-2024-54994
MonicaHQ v4.1.2 is affected by multiple client-side injection vulnerabilities in the Add a new relationship feature, exploitable via the first_name and last_name parameters. The CVE entry (CVE-2024-54994) lists a CVSS v3.1 base score of 6.5 (Medium) with network attack vector, low complexity, no ...
CVE-2023-1031
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the settings endpoint and firstname parameter...
Code injection
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the settings endpoint and firstname parameter...
CVE-2023-30790
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/relationships endpoint and firstname and lastname parameter...
CVE-2023-1031
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the settings endpoint and firstname parameter...
CVE-2022-34991
Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters...
CVE-2021-40924
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the firstname parameter...
CVE-2021-40924
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the firstname parameter...
Chikitsa 2.0.0 Cross Site Scripting
Exploit Title: XSS-Stored - Brutal PWNED on Chikitsa 2.0.0 parameter "firstname" Author: nu11secur1ty Testing and Debugging: nu11secur1ty $ g3ck0dr1v3r Date: 08.09.2021 Vendor: https://chikitsa.net/ Link: https://sourceforge.net/projects/chikitsa/ CVE: CVE-2021-38152 + Exploit Source:...
CVE-2019-15092
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the userurl, displayname, firstname, and lastname columns in an exported CSV file created by the WFCustomerImpExpCsvExporter class...
Square: Reflected XSS in widget script thru cookie
There is a buyerinfo cookie. Let's set it to this value: a:9:s:10:"firstname";s:47:""xss...
CVE-2010-4874
Multiple cross-site scripting (XSS) vulnerabilities in users.php in NinkoBB 1.3 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) firstname, (2) lastname, (3) msn, or (4) aim parameter...