13 matches found
CVE-2026-5961 code-projects Simple IT Discussion Forum topic-details.php sql injection
A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument postid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed...
GHSA-G375-5WMP-XR78 Admidio is Missing Authorization on Forum Topic and Post Deletion
Summary The forum module in Admidio does not verify whether the current user has permission to delete forum topics or posts. Both the topicdelete and postdelete actions in forum.php only validate the CSRF token but perform no authorization check before calling delete. Any authenticated user with...
CVE-2026-28556 wpForo Forum 2.4.14 Missing Authorization via Topic Management Form Handlers
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topicmove, topicmerge, and topicsplit form action handlers. Attackers with a valid form nonce can reorganize arbitrary forum content without...
CVE-2026-28555
wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforocloseajax handler. Attackers submit a valid nonce with an arbitrary topic ID to bypass the moderator permission requirement and disrupt forum...
SUSE CVE-2006-3257
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including (1) calendar/myagenda.php, (2) document/document.php, (3) phpbb/newtopic.php, (4) tracking/userLog.php, and (5) wiki/page.php...
WordPress bbPress Login Register Links On Forum Topic Pages plugin <= 2.7.5 - Cross-Site Request Forgery (CSRF) to Stored Cross-Site Scripting (XSS) vulnerability
CSRF to Stored XSS vulnerability found in WordPress bbPress Login Register Links On Forum Topic Pages plugin versions <= 2.7.5. Solution: Update the WordPress bbPress Login Register Links On Forum Topic Pages plugin to the latest available version (at least 2.8.5)...
lab.vodafone.it XSS vulnerability
Vulnerable URL: http://lab.vodafone.it/forum/viewtopic.php?f=18=8374=45&d6a;=...
CVE-2015-1058
Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dataCategorytitle parameter to admin/categories/add, (2) dataFieldtitle parameter to admin/fields/ajaxfields/, (3) name property in a basicInfo JSON object to...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dataCategorytitle parameter to admin/categories/add, (2) dataFieldtitle parameter to admin/fields/ajaxfields/, (3) name property in a basicInfo JSON object to...
CVE-2015-1058
Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dataCategorytitle parameter to admin/categories/add, (2) dataFieldtitle parameter to admin/fields/ajaxfields/, (3) name property in a basicInfo JSON object to...
ViArt CMS forum_topic_new.php forum_id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36003/info ViArt CMS is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context ...
CVE-2008-2532
SQL injection vulnerability in forum/topicdetail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter...
BtitTracker 1.4 XSS
BtitTracker 1.4 xss Some fields are not sanitized for bad chars or words like javascript. =email field= When new user is registered you can put whatever you want and after that when still in mode "validating" you can change your email to something like "plaintext the field is 30 chars long so it ...