ChurchCRM SQL注入漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 had a SQL injection vulnerability. This vulnerability stemmed from insufficient cleaning and escaping of Field parameters in the GroupPropsFormRowOps.php file, which could lead to SQL injection...

CVE-2025-62295

SOPlanning is vulnerable to Stored XSS in /groupeform endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...

PT-2025-47595

Name of the Vulnerable Software and Affected Versions SOPlanning versions prior to 1.55 Description SOPlanning is susceptible to a Stored Cross-Site Scripting XSS issue in the /groupe form endpoint. An attacker with medium privileges can inject arbitrary HTML and JavaScript code into the website...

EUVD-2019-8023

Malware in sbrugna...

CVE-2019-18223

ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the 1 User Edit or 2 User Add form, 3 name field in the Role Add form, 4 name or number field in the Edit Group form, 5 tagKey or tagValue field in the Recording Rul...

Cross site scripting

ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the 1 User Edit or 2 User Add form, 3 name field in the Role Add form, 4 name or number field in the Edit Group form, 5 tagKey or tagValue field in the Recording Rul...

Moodle 2.6.1 Cross Site Scripting

============================================================== Title ...| Moodle 2.6.1 Version .| Feb 27 2014 moodle-latest-26.zip Date ....| 27.02.2014 Found ...| HauntIT Blog Home ....| http://download.moodle.org ============================================================== + From admin user:...