9 matches found

NVD
added 2026/05/28 9:16 a.m. · 8 views

CVE-2024-47097

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...

CVSS 5.1 · EPSS 0.00217
Exploits: 0 · References: 1
OSV
added 2025/10/02 3:15 p.m. · 2 views

CVE-2025-59760

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

CVSS 6.1 · AI score 5.9 · EPSS 0.00027
Exploits: 0 · References: 1
CVE
added 2025/10/02 2:37 p.m. · 9 views

CVE-2025-59765

AndSoft e-TMS v25.03 is affected by a reflected Cross-Site Scripting (XSS) vulnerability. The issue arises in the login endpoint (/clt/LOGINFRM_LF.ASP) where user-controlled data in the l, demo, demo2, TNTLOGIN, UO, and SuppConn parameters can be exploited to cause JavaScript execution in a victi...

CVSS 6.1 · AI score 6.1 · EPSS 0.00027
Exploits: 0 · References: 1 · Affected Software: 1
OSV
added 2025/10/02 2:15 p.m. · 1 views

CVE-2025-59740

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMCAT.ASP'...

CVSS 9.8 · AI score 6 · EPSS 0.00298
Exploits: 0 · References: 1
OSV
added 2025/10/02 2:15 p.m. · 1 views

CVE-2025-59736

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRMDJO.ASP'...

CVSS 9.8 · AI score 6
Exploits: 0 · References: 1
CVE
added 2025/10/02 2:3 p.m. · 9 views

CVE-2025-59739

CVE-2025-59739 describes an OS command‑injection in AndSoft’s e‑TMS v25.03. The root cause is misuse of the m parameter in the request path /clt/LOGINFRM_original.ASP, exploitable via a POST to execute arbitrary commands on the server. Impact: potential full server compromise (as supported by CV...

CVSS 9.8 · AI score 7.7 · EPSS 0.00298
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2025/07/24 12:0 a.m. · 1 views

WWBN AVideo cross-site scripting vulnerability

WWBN AVideo is a video platform builder written in PHP by the WWBN team. A cross-site scripting vulnerability exists in WWBN AVideo version 14.4. It stems from the LoginWordPress loginForm cancelUri parameter and could lead to a cross-site scripting attack...

CVSS 9.6 · AI score 5.9 · EPSS 0.00703
Exploits: 1 · References: 1
PyPA
added 2017/03/07 4:59 p.m. · 5 views

PYSEC-2017-60

Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to 1...

CVSS 6.1 · AI score 7.1 · EPSS 0.00477
Exploits: 2 · References: 8 · Affected Software: 1
Positive Technologies
added 2007/07/30 12:0 a.m. · 2 views

PT-2007-5296 · Phphostbot · Phphostbot

Name of the Vulnerable Software and Affected Versions: PhpHostBot (affected versions not specified). Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the login form parameter in the library/authorize.php file. Recommendations: At the moment, there is no...

CVSS 7.5 · AI score 7.1 · EPSS 0.01042
Exploits: 1 · References: 4