4 matches found
CVE-2026-48232
Open ISES Tickets prior to version 3.44.2 contains a SQL injection in ajax/fullsit_incidents.php where the offset parameter from GET is directly concatenated into the LIMIT clause without sanitization. Authenticated attackers can craft requests to alter query semantics, potentially reading, modif...
CVE-2024-27780
Multiple Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerabilities CWE-79 in FortiSIEM 7.1 all versions, 7.0 all versions, 6.7 all versions incident page may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests...
CVE-2022-31961
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/manageincident.php?id=...
dda.dc.gov XSS vulnerability
Vulnerable URL: https://dda.dc.gov/mcis/incident/default.asp?fromSearch=1"...