CVE-2026-10251

A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been...

EUVD-2018-21873

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads ...

PHPGurukul Apartment Visitors Management System 安全漏洞

PHPGurukul Apartment Visitors Management System is an apartment visitor management system developed by PHPGurukul Corporation. The PHPGurukul Apartment Visitors Management System V1.1 version has a security vulnerability. This vulnerability stems from an SQL injection issue with the username...

Deciso OPNsense 安全漏洞

Deciso OPNsense is a set of open-source firewall and routing software based on FreeBSD developed by the Dutch company Deciso. Prior to version 26.1.6, there were security vulnerabilities in OPNsense. These vulnerabilities stemmed from the LDAP authentication connector, which directly passed the...

ChurchCRM 安全漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the username parameter on the login page not being cleaned or encoded properly, which could lead to reflection-type cross-site...

CVE-2026-33303

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting XSS via unescaped portalloginusername in the portal credential print view. A patient portal user can set their login...

CVE-2026-33303

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting XSS via unescaped portalloginusername in the portal credential print view. A patient portal user can set their login...

CVE-2026-33303 OpenEMR Vulnerable to Stored XSS via Unescaped portal_login_username in Credential Print View

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting XSS via unescaped portalloginusername in the portal credential print view. A patient portal user can set their login...

CVE-2026-33303 OpenEMR Vulnerable to Stored XSS via Unescaped portal_login_username in Credential Print View

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting XSS via unescaped portalloginusername in the portal credential print view. A patient portal user can set their login...

CVE-2026-33303

CVE-2026-33303 affects OpenEMR prior to 8.0.0.2. A stored XSS vulnerability exists in the portal credential print view where an unescaped patient portal username (portal_login_username) can be injected by a patient, executing in a clinic staff member’s browser when accessing the "Create Portal Lo...

EUVD-2026-13223

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting XSS via unescaped portalloginusername in the portal credential print view. A patient portal user can set their login...

OpenEMR 跨站脚本漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.2 contained a cross-site...

PT-2026-26345

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting XSS via unescaped portal login username in the portal credential print view. A patient portal user can set their login...

PT-2026-23699

Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca login.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive database information including...

Data Center Audit SQL注入漏洞

Data Center Audit is a data auditing software developed by Ben Patridge. Version 2.6.2 of Data Center Audit contains a SQL injection vulnerability. This vulnerability stems from an SQL injection issue with the username parameter in the dcalogin.php file, which may allow unverified attackers to...

CVE-2019-25402 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via login

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the login endpoint with script payloads in the username...

CourseSelectionSystem SQL注入漏洞

CourseSelectionSystem is a simple online course selection system by the individual developer of kidaze. CourseSelectionSystem suffers from a SQL injection vulnerability, which originates from an incorrect manipulation of the parameter Username in the file /Profilers/SProfile/login1.php, which may...

CVE-2025-13578

A vulnerability has been found in code-projects Library System 1.0. This affects an unknown function of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...

EUVD-2025-33168

A vulnerability was identified in SourceCodester Simple E-Commerce Bookstore 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument loginusername leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

CVE-2025-11476

A vulnerability was identified in SourceCodester Simple E-Commerce Bookstore 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument loginusername leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...