76 matches found
PHPGurukul Apartment Visitors Management System security vulnerability
PHPGurukul Apartment Visitors Management System is an apartment visitor management system developed by PHPGurukul Corporation. The PHPGurukul Apartment Visitors Management System V1.1 version contains a security vulnerability. This vulnerability stems from a cross-site scripting issue with the...
EUVD-2009-0997
Malware in sbrugna...
CVE-2024-0844
The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute...
PT-2024-15861 · WordPress · Popup More Popups
Name of the Vulnerable Software and Affected Versions: The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress version 2.1.6 Description: The issue allows authenticated attackers with administrator-level access and above to include and execute arbitrary files ending with...
Cross-site Scripting (XSS)
baserproject/basercms is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the favorite feature of form.php because it fails to properly escape malicious characters before rendering. This allows an attacker to inject and execute malicious JavaScript in the web browser when accessing th...
CVE-2021-42358
The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the /cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2...
CVE-2021-38710
Static Persistent XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITENAME parameter...
Cross site scripting
Static Persistent XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITENAME parameter...
CVE-2019-11378
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finishedfiles=../ directory traversal. It is possible for users to read arbitrary files and potentially access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code...
thechinatravelcompany.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-680334

Description | Value
---|---
Affected Website: | thechinatravelcompany.co.uk
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
waveneyrush.co.uk XSS vulnerability
Open Bug Bounty ID: OBB-651394

Description | Value
---|---
Affected Website: | waveneyrush.co.uk
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
CVE-2018-13423
admin/themes/default/items/tag-form.php in Omeka before 2.6.1 allows XSS by adding or editing a tag...
CVE-2018-13423
Affected product: Omeka prior to 2.6.1. Vulnerability: Cross-site scripting (XSS) in admin/themes/default/items/tag-form.php triggered by adding or editing a tag. Root cause / nature: The description indicates an XSS flaw in the tag form handling. Impact (as stated): arbitrary script/HTML may be ...
staropolska.pl XSS vulnerability
Open Bug Bounty ID: OBB-582626

Description | Value
---|---
Affected Website: | staropolska.pl
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
jelzontech.com XSS vulnerability
Open Bug Bounty ID: OBB-577636

Description | Value
---|---
Affected Website: | jelzontech.com
Open Bug Bounty Program: | Not created yet
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...
theiia.kr XSS vulnerability
Open Bug Bounty ID: OBB-577635

Description | Value
---|---
Affected Website: | theiia.kr
Open Bug Bounty Program: | Not created yet
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Disclosure... |
acquirecareers.com XSS vulnerability
Open Bug Bounty ID: OBB-561001

Description | Value
---|---
Affected Website: | acquirecareers.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
beatthegmat.com XSS vulnerability
Open Bug Bounty ID: OBB-381466

Description | Value
---|---
Affected Website: | beatthegmat.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat...
Open Redirect
WordPress is vulnerable to open redirect attacks. It is possible because the library does not properly validate the external URL in `_wp_http_referer` in wp-admin/edit-tag-form.php and wp-admin/user-edit.php, allowing attackers to redirect users to a different website...