EUVD-2026-31312

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdbimport.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...

EUVD-2026-31309

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routesi.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into HTML form hidden input value attributes...

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the frmaddstr POST parameter in the ics214.php file, allowing uncleane...

PT-2026-42508

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdb import.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the frmaddstr POST parameter was not cleared in icc202.php, allowin...

CVE-2026-5113

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wpkses, combined with insufficient output...

EUVD-2007-1182

Malware in sbrugna...

PT-2022-14124 · WordPress · Very Simple Contact Form

Name of the Vulnerable Software and Affected Versions: Very Simple Contact Form WordPress plugin versions prior to 11.6 Description: The issue allows bots to bypass the captcha check by exposing the solution in the rendered contact form as hidden input fields and plain text, making the page a...

Superforms < 6.0.4 - Reflected Cross-Site Scripting

The plugin does not escape the bobczypanstwasprawazostalarozwiazana parameter before outputting it back in an attribute via the superlanguageswitcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking CSRF, making the attack easier to perform against any user...

Ananta Gazelle 1.0 SQL Injection

www.BugReport.ir AmnPardaz Security Research Team Title: Ananta Gazelle SQL Injection Vulnerability Vendor: http://www.anantasoft.com/ Vulnerable Version: 1.0 Latest version till now Exploitation: Remote with browser Fix: N/A - Description: Ananta Gazelle is a rich JavaScript enabled CMS with...

Design/Logic Flaw

The 1 Search, 2 Edit Profile, 3 Recommend, and 4 User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors...

CVE-2007-1185

The 1 Search, 2 Edit Profile, 3 Recommend, and 4 User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors...

CVE-2007-1185

The 1 Search, 2 Edit Profile, 3 Recommend, and 4 User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors...

CVE-2007-1185

The 1 Search, 2 Edit Profile, 3 Recommend, and 4 User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors...

CVE-2007-1185

CVE-2007-1185 affects WebAPP prior to 0.9.9.5, where the (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms rely on hidden inputs. The connected sources identify this as a design/logic issue with hidden inputs but do not specify concrete impact, exploitation conditions, or r...