CVE-2026-35013 Open ISES Tickets < 3.44.2 Reflected XSS via street_view.php thelat and thelng Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...

PT-2025-46863

Name of the Vulnerable Software and Affected Versions cameasy Liketea version 1.0.0 Description A security issue exists in cameasy Liketea 1.0.0. The list function within the file laravel/app/Http/Controllers/Front/StoreController.php of the API Endpoint component is susceptible to SQL injection...

CVE-2023-40921

SQL Injection vulnerability in functions/pointlist.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters...

CVE-2023-40921

SQL Injection vulnerability in functions/pointlist.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters...

CVE-2023-40921

SQL Injection vulnerability in functions/pointlist.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters...

CVE-2023-40921

SQL Injection vulnerability in functions/pointlist.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters...

Exploit for SQL Injection in Superstorefinder Super_Store_Finder

CVE-2023-41507 CVE-2023-41507 - Super Store Finder v3.6 was di...

CVE-2021-34664

The Moova for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the lat parameter in the /Checkout/Checkout.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5...

CVE-2021-34664

The Moova for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the lat parameter in the /Checkout/Checkout.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. The Moova for WooCommerce plugin for WordPres...

LocalTapiola: Multiple Reflected XSS /webApp/lahti (viestinta.lahitapiola.fi)

Vulnerable script: /webApp/lahti Vulnerable parameters: ctxvarshtml, ctxvarszoom, ctxvarsLat, ctxvarsLng PoC 1 html parameter https://blackfan.ru/localtapiola4567uytr567tre4567ytr/poc1html.html Result: html alertdocument.location PoC 2 zoom parameter...