18 matches found
CVE-2026-50235
Affected software: Lyrion Music Server 9.2.0. Vulnerability: reflected XSS in advanced search parameters that fail to sanitize user input before displaying it in search forms. Impact: can execute arbitrary JavaScript in users’ browsers and potentially steal session information. Exploitation/Detai...
PT-2026-46954
Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...
EUVD-2026-17101
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addstock.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML...
CVE-2026-30559
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the addsales.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML...
PT-2026-29032
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view supplier.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script o...
PT-2026-29042
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add supplier.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or...
CVE-2026-30569
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the viewstockavailability.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web...
CVE-2026-30571
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the viewcategory.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...
PT-2026-28412
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Inventory System 1.0 in the view category.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2025-63526
The affected product is the Blood Bank Management System (abs.php). The vulnerability is a cross-site scripting (XSS) flaw caused by improper sanitization/encoding of user input before rendering in the response. An attacker can inject malicious JavaScript into the msg parameter, which is executed...
Cross-site Scripting (XSS)
Overview: lightgallery is a lightweight, customizable, modular, responsive lightbox gallery plugin for jQuery. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via insufficient input sanitization and output escaping of attributes. An attacker can execute arbitrary w...
CVE-2025-10458
Parameters are not validated or sanitized, and are later used in various internal operations...
CVE-2023-21410
User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution...
CVE-2022-1532
Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting...
GHSA-QCFF-FFX3-M25C Command Injection in meta-git
All versions of meta-git are vulnerable to Command Injection. The package fails to sanitize input and passes it directly to an exec call, which may allow attackers to execute arbitrary code in the system. The clone command is vulnerable through the branch name. Recommendation: No fix is currently...
CVE-2020-12014
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands...
CVE-2018-7650
PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript...
TopperMod 2.0 - SQL Injection
Author: GiReX mySite: girex.altervista.org CMS: TopperMod v2.0 Site: rtcw.ch/mio/index.php Bug: SQL Injection Type: 1 - Privilege Escalation from user to mod 2 - Remote user password change File: /account/index.php Var: $localita Need: magic_quotes_gpc = Off You must be logged in Vuln Code:...