CVE-2026-48230 Open ISES Tickets < 3.44.2 Reflected XSS via ticketsmdb_import.php Multiple POST Parameters
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdb_import.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...
CVE-2025-50186
Chamilo LMS prior to version 1.11.30 is affected by a stored XSS vulnerability in CSV filenames. The issue arises from insufficient sanitization of uploaded CSV names, allowing an attacker to upload a file such as .csv that can execute JavaScript when viewed by administrators or users with access...
CVE-2026-0649 invoiceninja Migration Import Import.php copy server-side request forgery
A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument companylogo leads to server-side request forgery. It is possible to initiat...
CVE-2025-9424 Ruijie WS7204-A branch_import.php os command injection
A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itboxpi/branch_import.php?a=branchlist. Such manipulation of the argument province leads to OS command injection. The attack can be executed remotely. The exploit i...
Ruijie WS7204-A Security Vulnerability
Ruijie WS7204-A is a wireless controller from Ruijie China. A security vulnerability exists in the Ruijie WS7204-A version 2017.06.15, which originates from an incorrect operation of the parameter province in the file /itboxpi/branch_import.php?a=branchlist that results in OS command injection...
PT-2025-37377
Name of the Vulnerable Software and Affected Versions: Chamilo versions prior to 1.11.30 Description: Chamilo is a learning management system susceptible to deserialization of untrusted data. The issue resides in /plugin/vchamilo/views/import.php and is triggered through POST requests utilizing the...
PT-2023-10201 · Unknown · Iish Nlgis2
Name of the Vulnerable Software and Affected Versions: IISH nlgis2 affected versions not specified Description: A critical issue was found in IISH nlgis2, affecting an unknown functionality of the file scripts/etl/custom import.pl. This issue leads to SQL injection. Recommendations: To fix this...
VulnCheck KEV: CVE-2019-17233
Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection...
CVE-2021-29031
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/usersimport.php URI...
WMI Based Agentless Post-Exploitation PowerShell RAT: WMImplant
WMImplant is a PowerShell-based tool that leverages WMI both to perform actions against targeted machines and as the C2 channel for issuing commands and receiving results. WMImplant will likely require local administrator permissions on the targeted machine. It is designed to run both...