30 matches found
CVE-2026-9520
A weakness has been identified in blitz-js blitz up to 3.0.2 on GitHub. This impacts an unknown function of the file packages/generator/templates/app/src/app/auth/components/LoginForm.tsx of the component Sign-in. This manipulation of the argument Next causes cross site scripting. It is possible ...
Blitz Code Injection Vulnerability
Blitz is an open-source full-stack Next.js development toolkit developed by Blitz. Versions of Blitz 3.0.2 and earlier contained a code injection vulnerability. This vulnerability stemmed from an unknown function in the packages/generator/templates/app/src/app/auth/components/LoginForm.tsx file,...
CVE-2026-1088
The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...
CVE-2026-1088 Login Page Editor <= 1.2 - Cross-Site Request Forgery to Settings Update
The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...
PT-2026-4583
The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotion loginform process AJAX action. This makes it possible for unauthenticated attackers to update the plugin's logi...
CVE-2020-23517
Cross Site Scripting (XSS) vulnerability in Aryanic HighMail High CMS versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm...
EUVD-2008-4286
Malware in sbrugna...
EUVD-2006-1499
Malware in sbrugna...
EUVD-2020-7103
Malware in sbrugna...
Cross-site Request Forgery (CSRF)
silverstripe/framework is vulnerable to Cross-site Request Forgery (CSRF). The vulnerability is due to the improper handling of session tokens by the disableSecurityToken function within the LoginForm, which allows attackers to potentially fixate session tokens...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in Aryanic HighMail High CMS versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm...
CVE-2020-23517
Aryanic HighMail (High CMS) is affected by CVE-2020-23517, a cross-site scripting (XSS) vulnerability in versions 2020 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via the 'user' parameter on the LoginForm. In published details, exploitation could enable a...
webTareas Cross-Site Scripting Vulnerability
webTareas is a web-based open source collaboration tool. The product supports features such as project management, bug tracking, content management and meeting management. A cross-site scripting vulnerability exists in the loginForm in the general/login.php page in webTareas version 2.0p8. The...
CVE-2020-14973
The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string...
Cross site scripting
The loginForm within the general/login.php webpage in webTareas 2.0p8 suffers from a Reflected Cross Site Scripting (XSS) vulnerability via the query string...
CVE-2020-14973
The CVE-2020-14973 entry affects webTareas 2.0p8, specifically the loginForm in general/login.php. It is a reflected Cross-Site Scripting (XSS) vulnerability via the query string. The impact is limited to client-side code execution in a comparison to the vulnerable context; exploitation details a...
SQL injection
NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginFormusername field when double quotes are used...
CVE-2019-19245
NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication SQL Injection via the /elegant6/login LoginFormusername field when double quotes are used...