19 matches found
CVE-2026-35013 Open ISES Tickets < 3.44.2 Reflected XSS via street_view.php thelat and thelng Parameters
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...
Prototype Pollution
Overview: i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Affected versions of this package are vulnerable to Prototype Pollution via the lng or ns parameters handled by the getResourcesHandler...
EUVD-2010-3672
Malware in sbrugna...
CVE-2023-40921
SQL Injection vulnerability in functions/pointlist.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters...
CVE-2010-3688
Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA WebSiteAdmin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lng parameter...
LimeSurvey Security Vulnerability
LimeSurvey (PHPSurveyor) is an open source online survey application from the LimeSurvey team, which supports survey development, questionnaire publishing and data collection. A security vulnerability exists in LimeSurvey version v6.6.2 and earlier versions, which stems from an...
CVE-2023-40921
SQL Injection vulnerability in functions/pointlist.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters...
CVE-2023-40921
SQL Injection vulnerability in functions/pointlist.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters...
CVE-2023-40921
SQL Injection vulnerability in functions/pointlist.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters...
Exploit for SQL Injection in Superstorefinder Super_Store_Finder
CVE-2023-41507 CVE-2023-41507 - Super Store Finder v3.6 was di...
LocalTapiola: Multiple Reflected XSS /webApp/lahti (viestinta.lahitapiola.fi)
Vulnerable script: /webApp/lahti. Vulnerable parameters: ctxvarshtml, ctxvarszoom, ctxvarsLat, ctxvarsLng. PoC 1 (html parameter): https://blackfan.ru/localtapiola4567uytr567tre4567ytr/poc1html.html Result: html alertdocument.location PoC 2 (zoom parameter)...
SQL injection
SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote attackers to execute arbitrary SQL commands via the lng parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to execute arbitrary PHP code via a URL in the lng parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences...
PT-2006-4252 · Phpsysinfo · Phpsysinfo
Name of the Vulnerable Software and Affected Versions: phpSysInfo versions 2.5.1 through 3.2.4. Description: The issue allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence and a trailing null (%00) byte in the lng parameter. This will display a different...
CVE-2005-4627
CVE-2005-4627 is a cross-site scripting (XSS) vulnerability described for index.php affecting GmailSite 1.0–1.0.4 and GFHost 0.1.1–0.4.2. The issue allows remote attackers to inject arbitrary web script or HTML via the lng parameter, impacting confidentiality/integrity of affected sessions as pe...
CVE-2005-4627
Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter...
CVE-2005-4627
Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter...
CVE-2003-1182
Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter...
CVE-2003-1316
mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive information via a ' (quote) value in the lng parameter, which reveals the path in an error message. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...