395 matches found
CVE-2024-31431
Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Product Input Fields for WooCommerce. This issue affects Product Input Fields for WooCommerce: from n/a through 1.7.0...
CVE-2024-31416
The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result...
CVE-2024-57328
A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass authentication and gain unauthorized access...
CVE-2024-25036
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields...
CVE-2021-32671
Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type...
CVE-2020-25375
WordPress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field, Mobile field, Place of Birth field, Web Site field, VAT Number field, Last Name field, Fax field...
CVE-2020-8493
A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x versions before 4.0 via multiple input fields (Login Message, Banner Message, and Password Instructions) of the com.threeis.webta.H261configMenu servlet via an authenticated administrator...
CVE-2020-25195
The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules is verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device...
CVE-2002-2376
Cross-site scripting (XSS) vulnerability in E-Guestsign.pl in E-Guest 1.1 allows remote attackers to inject arbitrary SSI directives, web script, and HTML via the (1) full name, (2) email, (3) homepage, and (4) location parameters. NOTE: this issue might overlap CVE-2005-1605...
CVE-2024-40069
Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via idgenerator/classes/Users.php?f=save, and the point of vulnerability is in the POST parameter 'firstname' and 'lastname'...
CVE-2025-29719
CVE-2025-29719 affects SourceCodester (rems) Employee Management System 1.0, with a Cross Site Scripting (XSS) vulnerability in add_employee.php via the First Name and Address fields. The issue arises from unsanitized user input that could inject scripts; remediation guidance from PT-2025-14547 s...
CVE-2024-13359
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the addproductinputfieldstoorderitemmeta function in all versions up to, and including, 1.12.0. This may make it possible for unauthenticated attackers...
WordPress Product Input Fields for WooCommerce plugin <= 1.12.0 - Unauthenticated Limited File Upload vulnerability
Unauthenticated Limited File Upload vulnerability discovered by luckybuddy in WordPress Plugin Product Input Fields for WooCommerce versions <= 1.12.0...
WordPress plugin Product Input Fields for WooCommerce code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
CVE-2023-51296
PHPJabbers Event Booking Calendar v4.0 is vulnerable to Cross-Site Scripting (XSS) in the "name, pluginsmsapikey, pluginsmscountrycode, title, pluginsmsapikey" parameters which allows attackers to execute arbitrary code...
CVE-2024-56882
CVE-2024-56882 affects Sage DPW before 2024_12_000. Affected component: Kurstitel and Kurzinfo input fields where low-privileged users with the employee role can permanently store JavaScript. The injected payload is executed for each authenticated user who views/interacts with the modified data. ...
CVE-2024-41725
ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to render pages which may allow cross site scripting...
CVE-2025-0873
A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /customeredit.php. The manipulation of the argument id/address/fullname/phonenumber/email/city/comment leads to SQL injection. T...
CVE-2025-0844
A vulnerability was found in needyamin Library Card System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file signup.php of the component Registration Page. The manipulation of the argument firstname/lastname/email/borrow/useraddress...
php: Erroneous parsing of multipart form data
A flaw was found in PHP's parsing of multipart form data contents, which affects both file and input form data. This may lead to legitimate data not being processed, violating data integrity. For example, if a multipart form data payload contains a valid prefix 'X' of the defined boundary B such...