MedDream PACS Premium emailfailedjob reflected cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2025-2255 MedDream PACS Premium emailfailedjob reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-54495 SUMMARY A reflected cross-site scripting xss vulnerability exists in the emailfailedjob functionality of MedDream PACS Premiu...

EUVD-2014-8136

Malware in sbrugna...

CVE-2014-8295

SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter...

CVE-2025-28402

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter...

CVE-2025-28402

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter...

CVE-2025-28402

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the jobId parameter...

RuoYi 安全漏洞

RuoYi is a backend management system for individual developers of RuoYi in China. A security vulnerability exists in RuoYi v.4.8.0, which can be exploited by a remote attacker to elevate privileges via the jobId parameter...

CVE-2025-28402

Consolidated details: CVE-2025-28402 affects RUoYi v4.8.0 and allows a remote attacker to escalate privileges via the jobId parameter. Connected sources confirm the issue; no official patch/version fix is documented in the provided connected documents. PT-2025-15243 notes there is no information ...

PT-2025-15243 · Ruoyi · Ruoyi

Name of the Vulnerable Software and Affected Versions: RUoYi version 4.8.0 Description: An issue in RUoYi allows a remote attacker to escalate privileges via the jobId parameter. Recommendations: For RUoYi version 4.8.0, consider restricting access to the jobId parameter to minimize the risk of...

CVE-2025-25189

The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service WPS publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...

CVE-2025-25189 [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script

The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service WPS publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...

CVE-2025-25189 [XBOW-025-031] Reflected Cross-Site Scripting via jobid Parameter in ZOO-Project WPS publish.py CGI Script

The ZOO-Project is an open source processing platform. A reflected Cross-Site Scripting vulnerability exists in the ZOO-Project Web Processing Service WPS publish.py CGI script prior to commit 7a5ae1a. The script reflects user input from the jobid parameter in its HTTP response without proper HTM...

PT-2025-6112 · Unknown · Zoo-Project

Name of the Vulnerable Software and Affected Versions: ZOO-Project versions prior to commit 7a5ae1a Description: The issue is related to a reflected Cross-Site Scripting vulnerability in the ZOO-Project Web Processing Service WPS publish.py CGI script. This vulnerability occurs because the script...

ZOO-Project 跨站脚本漏洞

ZOO-Project is an open source processing platform from ZOO-Project Open Source. ZOO-Project suffers from a cross-site scripting vulnerability that stems from the publish.py CGI script reflecting user input for the jobid parameter directly into the HTTP response without HTML coding or cleanup...

CVE-2024-8471

Cross-Site Scripting XSS vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME parameters in /jobportal/process.php...

CVE-2024-8471

CVE-2024-8471 concerns a Cross-Site Scripting (XSS) vulnerability in a Job Portal web application. The vulnerability arises from insufficient handling/encryption of user-controlled input in the /jobportal/process.php endpoint, with JOBID and USERNAME parameters being implicated. Exploitation coul...

PHPGurukul Job Portal 跨站脚本漏洞

PHPGurukul Job Portal is a PHP-based job search website system from PHPGurukul. A cross-site scripting vulnerability exists in PHPGurukul Job Portal version 1.0, which originates from the JOBID and USERNAME parameters in /jobportal/process.php...

CVE-2023-41015

code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via /Employer/DeleteJob.php?JobId=1...

CVE-2023-49689

Job Portal v1.0 is affected by multiple unauthenticated SQL injection vulnerabilities in the Employer/DeleteJob.php resource, caused by the JobId parameter not validating input and sending characters unfiltered to the database. This CVE (CVE-2023-49689) is documented across NVD, CVE.org, and rela...

Sony: Reflected XSS on ███ via jobid parameter

The researcher reported that a URL parameter of a Sony website was vulnerable to reflected XSS. The researcher used the JavaScript onpointerleave event to trigger the XSS payload...