33 matches found
GHSA-C8H8-VQ34-9FW2 WWBN AVideo: Stored XSS via unescaped Gallery category description
Summary AVideo stores category descriptions from user input and later renders categorydescription as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes when another user views the affected Gallery/category page. Th...
PT-2026-2370
Name of the Vulnerable Software and Affected Versions VIAVIWEB Wallpaper Admin version 1.0 Description The software contains an SQL injection issue that allows authenticated attackers to manipulate database queries. Attackers can inject SQL code through the img id parameter. Specifically, sending...
EUVD-2025-1757
Malicious code in bioql PyPI...
CVE-2025-0560
A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /photo-gallery of the component Photo Gallery Page. The manipulation of the argument Description leads to cross site scripting. It is possible t...
CVE-2025-0560
CVE-2025-0560 affects CampCodes School Management Software 1.0, specifically the Photo Gallery Page component (/photo-gallery). The vulnerability arises from manipulation of the Description argument, enabling cross-site scripting. It is exploitable remotely and exploits have been publicly disclos...
Grid Kit Premium <= 1.8.53 - Reflected Cross-Site Scripting
The plugin does not escape generated URLs before outputting them back in attributes, leading to a Reflected Cross-Site Scripting. PS: The original advisory mentions the issue being in photo-gallery, however it is not the case. On a page where there is a gallery embed, append a'-alert/XSS///=1 e.g...
CVE-2020-28072
A Remote Code Execution vulnerability exists in SourceCodester Alumni Management System 1.0. An authenticated attacker can upload an arbitrary file in the gallery.php page and execute it on the server, reaching RCE...
Remote code execution
A Remote Code Execution vulnerability exists in SourceCodester Alumni Management System 1.0. An authenticated attacker can upload an arbitrary file in the gallery.php page and execute it on the server, reaching RCE...
SourceCodester Alumni Management System code issue vulnerability
Sourcecodester Alumni Management System is a Php, Mysql based alumni management system from Sourcecodester, Inc. A remote code execution vulnerability exists in the SourceCodester Alumni Management System version 1.0, which can be exploited by an authenticated attacker to upload an arbitrary file...
babeblvd.com XSS vulnerability
Open Bug Bounty ID: OBB-639592

Description | Value
---|---
Affected Website: | babeblvd.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

woonsfeerbv.nl XSS vulnerability
Open Bug Bounty ID: OBB-638495

Description | Value
---|---
Affected Website: | woonsfeerbv.nl
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

sonsofthestorm.com XSS vulnerability
Open Bug Bounty ID: OBB-620283

Description | Value
---|---
Affected Website: | sonsofthestorm.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

thewarwickshire.com XSS vulnerability
Open Bug Bounty ID: OBB-577296

Description | Value
---|---
Affected Website: | thewarwickshire.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

realinstruments.ca XSS vulnerability
Open Bug Bounty ID: OBB-547977

Description | Value
---|---
Affected Website: | realinstruments.ca
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

classicbuilderstx.com XSS vulnerability
Vulnerable URL: http://www.classicbuilderstx.com/gallery/index.php?catid=13'"4=4

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 06.01.2018
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 17593366
VIP website status: | No
Coordinated...

bollinger.ch XSS vulnerability
Vulnerable URL: http://www.bollinger.ch/pages/en/gallery.php?cat=/Palmenholz%27%27%22%3E%3Cimg%20src=x%20onerror=alert/OPENBUGBOUNTY/%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 02.01.2018
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa...

unassociationtt.org XSS vulnerability
Vulnerable URL: https://www.unassociationtt.org/Photo/Gallery/index.html?bg=xss"

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 12.12.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not calculated
VIP website status: | No
Che...

Information disclosure
In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images1alttext parameter...
kpvdsz.hu XSS vulnerability
Vulnerable URL:...