CVE-2026-35013

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...

CVE-2026-35013

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...

EUVD-2026-31185

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting vulnerability in the streetview.php file...

CVE-2026-1096

The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'googlemapview' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible f...

CVE-2026-1096

The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'googlemapview' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible f...

CVE-2026-1096 Best-wp-google-map <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'latitude' Shortcode Attribute

The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'googlemapview' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible f...

CVE-2026-1096

CVE-2026-1096 affects the Best-wp-google-map WordPress plugin (versions

CVE-2026-0843

A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshopfood up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely...

CVE-2026-0843

A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshopfood up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely...

CVE-2026-0843 jiujiujia/victor123/wxw850227 jjjfood/jjjshop_food index sql injection

A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshopfood up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely...

CVE-2026-0843 jiujiujia/victor123/wxw850227 jjjfood/jjjshop_food index sql injection

A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshopfood up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such manipulation of the argument latitude leads to sql injection. The attack can be launched remotely...

jiujiujia jjjshop_food_php SQL注入漏洞

jiujiujia jjjshopfoodphp is a restaurant chain ordering software from China's Jiu Jiu Jia jiujiujia company. A SQL injection vulnerability exists in jiujiujia jjjshopfoodphp 20260103 and earlier versions, which stems from incorrect manipulation of the parameter latitude in the file...

PT-2026-2039

Name of the Vulnerable Software and Affected Versions jjjfood and jjjshop food versions up to 20260103 Description A flaw exists in jjjfood and jjjshop food that allows for SQL injection. The issue is located in unknown code within the file '/index.php/api/product.category/index'. Manipulation of...

EUVD-2017-9146

Malware in sbrugna...

CVE-2024-25469

SQL Injection vulnerability in CRMEB crmebjava v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component...

CVE-2024-3666

The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible...

PT-2024-27109 · WordPress · The Opal Estate Pro

Name of the Vulnerable Software and Affected Versions: The Opal Estate Pro – Property Management and Submission plugin for WordPress versions up to, and including, 1.7.6 Description: The issue is related to Stored Cross-Site Scripting via the agent latitude and longitude parameters due to...

PT-2024-20842 · Unknown · Niushop B2B2C

Name of the Vulnerable Software and Affected Versions: Niushop B2B2C V5 affected versions not specified Description: The issue allows attackers to run arbitrary SQL commands via latitude and longitude parameters in the /app/api/controller/Store.php endpoint. This enables potential exploitation fo...

niushop b2b2c SQL Injection Vulnerability

Niushop niushop b2b2c is a PHP open source e-commerce multi-tenant system of China NiuKu information technology Niushop company . niushop b2b2c V5 version exists SQL injection vulnerability , the vulnerability stems from /app/api/controller/Store.php in the existence of SQL injection , allowing a...