25 matches found
EUVD-2026-31700
A security vulnerability has been detected in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This affects the function confirmloggedin of the file studenttrans.php. Such manipulation of the argument FIRSTNAME/LastName/EMAIL leads to sql injection. It is possibl...
EUVD-2026-27201
The Zingaya Click-to-Call plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email', 'firstname', 'lastname', and 'phone' parameters on the plugin's sign-up admin page in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output...
EUVD-2017-9137
Malware in sbrugna...
EUVD-2022-37889
Malicious code in bioql PyPI...
EUVD-2021-29824
Malicious code in bioql PyPI...
EUVD-2024-52724
Malicious code in bioql PyPI...
CVE-2024-54999
MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the lastname parameter the General Information module...
CVE-2024-54994
MonicaHQ v4.1.2 is affected by multiple client-side injection vulnerabilities in the Add a new relationship feature, exploitable via the first_name and last_name parameters. The CVE entry (CVE-2024-54994) lists a CVSS v3.1 base score of 6.5 (Medium) with network attack vector, low complexity, no ...
CVE-2023-30790
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/relationships endpoint and firstname and lastname parameter...
CVE-2022-34991
Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting XSS vulnerabilities via the firstname and lastname parameters...
CVE-2021-42869
A Cross Site Scripting XSS vulnerability exists in Chikista Patient Management Software 2.0.2 via the lastname parameter in the 1 patient/insert, 2 patientreport, 3 /appointmentreport, 4 visitreport, and 5 /billdetailreport pages...
agisportal.lanl.gov Cross Site Scripting vulnerability OBB-2153634
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| agisportal.lanl.gov ---|--- Open Bug...
CVE-2021-40922
Cross-site scripting XSS vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the lastname parameter...
CVE-2021-40922
CVE-2021-40922 is a cross-site scripting (XSS) vulnerability affecting the open source defect-tracking system Bugs/Tinyissue in versions 1.8 and earlier, exploitable via the last_name parameter in install/index.php . The root cause is improper input handling in that endpoint, enabling remote atta...
Monica 2.19.1 - (last_name) Stored XSS Vulnerability
Exploit Title: Monica 2.19.1 - 'lastname' Stored XSS Exploit Author: BouSalman Vendor Homepage: https://www.monicahq.com/ Software Link: https://github.com/monicahq/monica/releases Version: Monica 2.19.1 Tested on: Ubuntu 18.04 CVE : CVE-2021-27370 POST /people HTTP/1.1 Host: 192.168.99.162...
Monica 2.19.1 Cross Site Scripting
Exploit Title: Monica 2.19.1 - 'lastname' Stored XSS Date: 22-02-2021 Exploit Author: BouSalman Vendor Homepage: https://www.monicahq.com/ Software Link: https://github.com/monicahq/monica/releases Version: Monica 2.19.1 Tested on: Ubuntu 18.04 CVE : CVE-2021-27370 POST /people HTTP/1.1 Host:...
Monica 2.19.1 - 'last_name' Stored XSS
Exploit Title: Monica 2.19.1 - 'lastname' Stored XSS Date: 22-02-2021 Exploit Author: BouSalman Vendor Homepage: https://www.monicahq.com/ Software Link: https://github.com/monicahq/monica/releases Version: Monica 2.19.1 Tested on: Ubuntu 18.04 CVE : CVE-2021-27370 POST /people HTTP/1.1 Host:...
CVE-2019-15092
The webtoffee "WordPress Users & WooCommerce Customers Import Export" plugin 1.3.0 for WordPress allows CSV injection in the userurl, displayname, firstname, and lastname columns in an exported CSV file created by the WFCustomerImpExpCsvExporter class...
Server side request forgery (ssrf)
Biometric Shift Employee Management System has XSS via the LastName parameter in an index.php?user=ajax request...
CVE-2017-17995
Biometric Shift Employee Management System has XSS via the LastName parameter in an index.php?user=ajax request...