6 matches found
CVE-2026-8802
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument picfilename results in path traversal. The attack may be launched remotely. The patch is...
argentavis.org XSS vulnerability
Open Bug Bounty ID: OBB-361204; Affected Website: argentavis.org; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Remediation Guide: OWASP XSS Prevention Cheat...
voetbalkrant.com XSS vulnerability
Vulnerable URL: https://www.voetbalkrant.com/soccer/news/ajax-get-items.php?jsoncallback=prompt/OPENBUGBOUNTY/...
walfoot.be XSS vulnerability
Vulnerable URL: https://www.walfoot.be/soccer/news/ajax-get-items.php?jsoncallback=prompt/OPENBUGBOUNTY/...
CVE-2014-3774
Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hidcat or (2) openfolder form element, or (3) id parameter, which is not properly handle...
Funnel Web (items.php?&cat_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Funnel Web items.php?&catid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.funnel-web.com.au/ Persian Gulf 4 Ever! Dork : "Web site design by Funnel Web" "inurl:items.ph...