14 matches found
CVE-2021-47981
Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute...
Bandit trusts client-supplied URI scheme on plaintext connections
Summary Bandit reflects the client-supplied URI scheme into conn.scheme without verifying the actual transport. Over a plaintext HTTP/1.1 connection or h2c, an unauthenticated attacker can send an absolute-form request target like GET https://victim/path HTTP/1.1 and the application observes...
CVE-2026-30563
A Stored Cross-Site Scripting XSS vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the updatedetails.php file. The application fails to sanitize the "website" parameter provided in a POST request. This allows authenticated attackers to inject...
CVE-2025-12895
CVE-2025-12895 concerns Kalium 3 (Creative WordPress & WooCommerce Theme) before version 3.29. The issue is an unauthorized email sending capability due to a missing authorization check in kalium_vc_contact_form_request(), allowing unauthenticated actors to use the site as an open mail relay to s...
EUVD-2025-31569
Malicious code in bioql PyPI...
SUSE CVE-2025-9648
A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...
CVE-2025-9648 Denial of Service in CivetWeb
A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...
CVE-2022-26352
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous...
CVE-2022-26352
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous...
Local Services Search Engine Management System (LSSMES) 1.0 - (name) XSS Vulnerability
Exploit Title: Local Services Search Engine Management System LSSMES 1.0 - 'name' Persistent Cross-Site Scripting XSS Exploit Author: Tushar Vaidya Vendor Homepage: https://phpgurukul.com/local-services-search-engine-management-system-using-php-and-mysql/ Software Link:...
urlaubsplus.de XSS vulnerability
Open Bug Bounty ID: OBB-670276 Description| Value ---|--- Affected Website:| urlaubsplus.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
CVE-2018-10356
A SQL injection remote code execution vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to execute arbitrary SQL statements on vulnerable installations due to a flaw in the formRequestDomains class. Authentication is required to exploit this vulnerability...
International Islamic University Chittagong: Application fees changeable
When i submit the form of the Url http://119.18.148.140/iiuc/home/apply-online then I intercept the form request and change the 500 into 100. Application did not give the option to change the money but by intercepting the request we can change the money. Application should removed the application...
Ubuntu Update for moin vulnerabilities USN-925-1
Ubuntu Update for Linux kernel vulnerabilities USN-925-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9251.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for moin vulnerabilities USN-925-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...