Remote Code Execution (RCE)
nilsteampassnet/teampass is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to a lack of restrictions on certain input fields, which are inserted directly into tp.config.php, allowing an attacker to inject and execute malicious PHP code...
PT-2023-26145 · Unknown · Paulprinting Cms
Name of the Vulnerable Software and Affected Versions: PaulPrinting CMS version 2018 Description: A vulnerability was found in the software, allowing for cross-site scripting through the manipulation of the firstname, lastname, address, city, and state arguments. The attack can be launched...
CVE-2023-3561
A vulnerability, which was classified as problematic, was found in GZ Scripts PHP GZ Hotel Booking Script 1.8. This affects an unknown part of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting. It is possible to initiate...
GZScripts PHP GZ Appointment Scheduling Script Cross-Site Scripting Vulnerability
GZScripts is a script from GZScripts Inc. A cross-site scripting vulnerability exists in GZScripts PHP GZ Appointment Scheduling Script version 1.8, which stems from the parameter firstname/secondname/phone/address1/country in the file /load.php that causes cross-site scripting...
GZ Scripts Ticket Booking Script Cross-Site Scripting Vulnerability
GZ Scripts Ticket Booking Script is a ticket booking system from GZ Scripts. A cross-site scripting vulnerability exists in GZ Scripts Ticket Booking Script version 1.8, which stems from cross-site scripting due to incorrect manipulation of the parameters firstname, secondname, phone, address1, a...
PT-2023-25231 · Unknown · Gz Scripts Php Gz Hotel Booking Script
Name of the Vulnerable Software and Affected Versions: GZ Scripts PHP GZ Hotel Booking Script version 1.8 Description: A problematic issue was found in the software, affecting an unknown part of the file /load.php. The manipulation of the arguments first name, second name, phone, address 1, or...
Time Slot Booking Calendar 1.8 Cross Site Scripting
FortiNAC - argument injection in XML interface on port tcp/5555
An improper neutralization of special elements used in a command ('command injection') vulnerability [CWE-77] in FortiNAC tcp/5555 service may allow an unauthenticated attacker to copy local files of the device to other local directories of the device via specially crafted input fields. To access the...
CVE-2020-36696
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable...
Authorization
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download files from the vulnerable...
CVE-2020-36696
The CVE concerns the Product Input Fields for WooCommerce plugin for WordPress, where an authorization bypass allows unauthenticated users to download files. The root cause identified across multiple sources is a missing capability check on the handle_downloads() function in versions up to and in...
WordPress Plugin Product Input Fields for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2023-25347
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php...
CVE-2023-25348
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted Excel file...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php...
CVE-2023-25347
CVE-2023-25347 describes a stored cross-site scripting (XSS) vulnerability affecting ChurchCRM 4.5.3. The issue arises from input fields in the EventEditor.php code, specifically the Title input field, allowing remote attackers to inject arbitrary web script or HTML. The NVD/Red Hat and related e...
SUSE CVE-2020-28957
Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allow attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields...