EUVD-2026-31180
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute. Attacker...
CVE-2026-26273
Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve...
Known affected by Account Takeover via Password Reset Token Leakage
Summary: A Critical Broken Authentication vulnerability exists in Known 1.6.2. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve the reset token for any user by simply querying the user's...
Known authorization issue vulnerability
Known is an open-source social publishing platform from the United States. Versions of Known prior to 1.6.3 contain an authorization issue vulnerability. The vulnerability stems from the leakage of the password reset token through a hidden HTML input field on the password reset page, which coul...
PT-2026-8041
Name of the Vulnerable Software and Affected Versions: Known versions prior to 1.6.3; Known version 1.6.2. Description: A critical broken authentication issue exists in Known. The application reveals the password reset token within a hidden HTML input field on the password reset page. This allows an...
CVE-2022-28508
An XSS issue was discovered in browsersearchplugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field...
MantisBT allows XSS in manage_custom_field_edit_page.php
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field...
Perl$hop E-Commerce Input Injection
A while back I was playing around with Perl$hop, which if you are not aware, is an e-commerce script developed by Waverider Systems. XSS Cross Site Scripting, Directory Traversal, Code Execution, and more! Wow, that sure is a lot of vulnerabilities for one product. It would seem as if the...