EUVD-2026-32133

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashlayout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

CVE-2026-6486

A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed...

WEBIGniter 28.7.23 Cross Site Scripting

Exploit Title: WEBIGniter v28.7.23 Stored Cross Site Scripting XSS Exploit Author: Sagar Banwa Date: 19/10/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/cross-site-scripting Tested on: Windows 10/Kali Linux CVE :...

SUSE CVE-2007-0095

phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblueorange/layout.inc.php, which reveals the path in an error message...

PT-2007-6256 · Nexty · Nexty

Name of the Vulnerable Software and Affected Versions: Nexty version 1.01.A Beta Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the rel parameter in the includes/functions/layout.php file. This is disputed because the applicable include is in a function...

CVE-2007-1142

Cross-site scripting XSS vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the linkparameters parameter in 1 news.php and 2 nlayouts.php...