471 matches found
CVE-2026-10815
A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...
CVE-2026-10815 LakshayD02 Hostel-Management-System-PHP Admin Dashboard index.php authorization
A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...
CVE-2026-10815
A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...
CVE-2026-10815
The CVE-2026-10815 entry concerns LakshayD02’s Hostel-Management-System-PHP (up to commit f87e67c283bab6f718faf2fec6ae39a13bd7036b). The vulnerability affects the Admin Dashboard Page, specifically the hostel/index.php component, where manipulating the argument ID results in missing authorization...
EUVD-2026-34293
A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...
CVE-2026-10815 LakshayD02 Hostel-Management-System-PHP Admin Dashboard index.php authorization
A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...
Hostel < 1.1.5.3 - Cross-Site Scripting
The Hostel WordPress plugin before 1.1.5.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. id: CVE-2024-3753 info: name: Hostel 1.1.5.3 - Cross-Site Scriptin...
PT-2026-46253
A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in missing authorization...
CVE-2026-1838
The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodeid' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress Hostel plugin <= 1.1.6 - Reflected Cross-Site Scripting via 'shortcode_id' Parameter vulnerability
Reflected Cross-Site Scripting via 'shortcodeid' Parameter vulnerability discovered by Bee - FPT University in WordPress Plugin Hostel versions = 1.1.6...
CVE-2026-1838
The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodeid' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2026-1838
The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodeid' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2026-1838
Affected software: Hostel plugin for WordPress (versions up to 1.1.6). Vulnerability: Reflected Cross-Site Scripting via the 'shortcode_id' parameter due to insufficient input sanitization and output escaping. Impact (as stated): Unauthenticated attackers can inject arbitrary web scripts into pag...
CVE-2026-1838 Hostel <= 1.1.6 - Reflected Cross-Site Scripting via 'shortcode_id' Parameter
The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodeid' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
EUVD-2026-23624
The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodeid' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2026-1838 Hostel <= 1.1.6 - Reflected Cross-Site Scripting via 'shortcode_id' Parameter
The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcodeid' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
PT-2026-33580
The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode id' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
WordPress plugin Hostel 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2025-63611
Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields Explain the Complaint submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer /admin/complaint-details.php?cid=. When an administrator opens the complaint, injected...
CVE-2025-63611
Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields Explain the Complaint submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer /admin/complaint-details.php?cid=. When an administrator opens the complaint, injected...