CVE-2026-35013

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...

EUVD-2026-31185

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting vulnerability in the streetview.php file...

CVE-2026-1096

The Best-wp-google-map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'latitude' and 'longitudinal' parameters of the 'googlemapview' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible f...

CVE-2026-1096

CVE-2026-1096 affects the Best-wp-google-map WordPress plugin (versions

EUVD-2017-9146

Malware in sbrugna...

CVE-2024-25469

SQL Injection vulnerability in CRMEB crmebjava v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component...

CVE-2024-3666

The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible...

PT-2024-27109 · WordPress · The Opal Estate Pro

Name of the Vulnerable Software and Affected Versions: The Opal Estate Pro – Property Management and Submission plugin for WordPress versions up to, and including, 1.7.6 Description: The issue is related to Stored Cross-Site Scripting via the agent latitude and longitude parameters due to...

PT-2024-20842 · Unknown · Niushop B2B2C

Name of the Vulnerable Software and Affected Versions: Niushop B2B2C V5 affected versions not specified Description: The issue allows attackers to run arbitrary SQL commands via latitude and longitude parameters in the /app/api/controller/Store.php endpoint. This enables potential exploitation fo...

niushop b2b2c SQL Injection Vulnerability

Niushop niushop b2b2c is a PHP open source e-commerce multi-tenant system of China NiuKu information technology Niushop company . niushop b2b2c V5 version exists SQL injection vulnerability , the vulnerability stems from /app/api/controller/Store.php in the existence of SQL injection , allowing a...

CVE-2023-41507

Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters...

Super Store Finder SQL Injection Vulnerability

Super Store Finder is an easy-to-use Google Maps API store locator program Super Store Finder by Super Store Finder. A security vulnerability exists in Super Store Finder version v3.6, which stems from an SQL injection vulnerability in the store locator component that contains multiple SQL...

Zurmo cross-site scripting vulnerability (CNVD-2018-02168)

Zurmo is the United States Zurmo company's set of open source PHP-based customer relationship management system CRM. A cross-site scripting vulnerability exists in Zurmo version 3.2.3. A remote attacker can exploit this vulnerability by sending the 'latitude' or 'longitude' parameter to...

Design/Logic Flaw

Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint...

Doctors Appointment Script SQL Injection Vulnerability

Doctors Appointment Script is an apartment booking service website built with HTML5, CSS3, PHP 5 and jQuery. Doctors Appointment Script has a SQL injection vulnerability in several parameters such as lat, lon, category, etc. on the search page, which can be exploited by an attacker to read...