EUVD-2018-6859

Malware in sbrugna...

CVE-2023-6767 SourceCodester Wedding Guest e-Book add-guest.php cross site scripting

A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Guest e-Book 1.0. This affects an unknown part of the file /endpoint/add-guest.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVE-2021-43675

Lychee-v3 3.2.16 is affected by a Cross Site Scripting XSS vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user...

Cross site scripting

Lychee-v3 3.2.16 is affected by a Cross Site Scripting XSS vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user...

CVE-2021-43675

Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The issue arises because the exit path prints a message to the user that includes albumID, which is controllable by the attacker. Affected component: Lychee-v3, version 3.2.16; vulnerable function/...

QCMS cross-site scripting vulnerability (CNVD-2019-10283)

QCMS is an open source content management system CMS for creating responsive websites. A cross-site scripting vulnerability exists in upload/System/Controller/guest.php in QCMS 3.0.1, which can be exploited by an attacker via the name parameter...

Design/Logic Flaw

An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070...

CVE-2018-14977

An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070...

blackjackscience.com XSS vulnerability

Open Bug Bounty ID: OBB-569187 Description| Value ---|--- Affected Website:| blackjackscience.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Malware exploit: Smoke Loader

Type: SQLi http://localhost/control.php?id=1 http://localhost/guest.php?id=1 POST...

CVE-2009-4936

Multiple SQL injection vulnerabilities in Small Pirate SPirate 2.1 allow remote attackers to execute arbitrary SQL commands via 1 the id parameter to the default URI in an rss .xml action, or the id parameter to 2 pag1.php, 3 pag1-guest.php, 4 rss-commentpost.php aka rss-comentpost.php, or 5...

Sql injection

Multiple SQL injection vulnerabilities in Small Pirate SPirate 2.1 allow remote attackers to execute arbitrary SQL commands via 1 the id parameter to the default URI in an rss .xml action, or the id parameter to 2 pag1.php, 3 pag1-guest.php, 4 rss-commentpost.php aka rss-comentpost.php, or 5...