16 matches found
CVE-2025-1155
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is planned to remove...
CVE-2025-11703
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated...
EUVD-2025-34978
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated...
CVE-2025-11703
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated...
CVE-2025-11703
CVE-2025-11703 affects the WP Go Maps (formerly WP Google Maps) WordPress plugin up to and including version 9.0.48. It describes an unauthenticated cache-poisoning vulnerability where server-side caching is not used for location search results and user input is relied upon, enabling an attacker ...
CVE-2025-11703 WP Go Maps (formerly WP Google Maps) <= 9.0.48 - Unauthenticated Cache Poisoning
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Cache Poisoning in all versions up to, and including, 9.0.48. This is due to the plugin not serving cached data from server-side responses and instead relying on user-input. This makes it possible for unauthenticated...
EUVD-2025-2030
Malicious code in bioql PyPI...
CVE-2025-1155
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is planned to remove...
CVE-2025-1155 Webkul QloApps Your Location Search stores cross site scripting
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is planned to remove...
CVE-2025-1155 Webkul QloApps Your Location Search stores cross site scripting
A vulnerability, which was classified as problematic, was found in Webkul QloApps 1.6.1. This affects an unknown part of the file /stores of the component Your Location Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is planned to remove...
Webkul QloApps Security Vulnerability
Webkul QloApps is a hotel reservation management software from Webkul Inc. A security vulnerability exists in Webkul QloApps version 1.6.1, which stems from improper input filtering in the Your Location Search component under the stores path, leading to a cross-site scripting attack...
ANSI Escape Sequence Injection
Description Injection of escape sequences opens up the possibility for concealing / modifying viewed data, and code execution as some esc seqs feed data back to stdin. Proof of Concept poc So far, the places I managed to find a successful injection are: - when running id from the file name - func...
CVE-2021-32605
zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block...
Zzzcms OS Command Injection Vulnerability
ZZZCMS zzzphp is a content management system (CMS). A security vulnerability exists in Zzzcms prior to version 2.0.4. The vulnerability stems from the failure of a network system or product to properly filter special characters, commands, etc. during the execution of user input construction command...
Western Union CN Bug Bounty #6 - CS XSS Web Vulnerability
Document Title: =============== Western Union CN Bug Bounty 6 - CS XSS Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1657 Release Date: ============= 2015-12-14 Vulnerability Laboratory ID VL-ID: ====================================...
Western Union CN Bug Bounty #6 - CS XSS Web Vulnerability
Document Title: =============== Western Union CN Bug Bounty 6 - CS XSS Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1657 Release Date: ============= 2015-12-14 Vulnerability Laboratory ID VL-ID: ====================================...