CVE-2025-61540

SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php...

CVE-2025-61539

Cross site scripting XSS vulnerability in Ultimate PHP Board 2.2.7 via the uname parameter in lostpassword.php...

CVE-2025-61539

Cross site scripting XSS vulnerability in Ultimate PHP Board 2.2.7 via the uname parameter in lostpassword.php...

CVE-2025-61539

Cross site scripting XSS vulnerability in Ultimate PHP Board 2.2.7 via the uname parameter in lostpassword.php...

CVE-2019-12385

An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches even guest users can dump any data contained in the database sessions, hashed passwords, etc.. This may lead to a full compromise of...

PT-2017-18265 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 4.7.5 Description: The issue allows remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request. This is related to problematic use of the SERVER NAME variable in...

bonprix.de XSS vulnerability

Vulnerable URL: https://www.bonprix.de/lostPassword.htm Details: Description| Value ---|--- Patched:| Yes, at 27.06.2017 Latest check for patch:| 27.06.2017 09:15 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 5760 VIP website status:| Yes Check bonprix.de SSL...

r-active.ru XSS vulnerability

Vulnerable URL: http://r-active.ru/dear-user/lostpassword.html Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 17:41 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 23147534 Google Pagerank| 3 VIP website...

Cross site scripting

Cross-site scripting XSS vulnerability in login-with-ajax.php in the Login With Ajax aka login-with-ajax plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the callback parameter in a lostpassword action to wp-login.php...

CVE-2009-2588

Multiple cross-site scripting XSS vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to 1 feedback.php, 2 index.php, and 3 lostpassword.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to 1 feedback.php, 2 index.php, and 3 lostpassword.php...

Unfixed XSS vulnerability at www.glosboken.se

Security researcher Uber0n, has submitted on 11/05/2008 a cross-site-scripting XSS vulnerability affecting www.glosboken.se, which at the time of submission ranked 236834 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/05/2008. It is current...

CVE-2008-3315

CVE-2008-3315 refers to multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10, exploitable via the query string on numerous files (e.g., announcements/messages.php, lostPassword.php, profile.php in auth/; calendar/myagenda.php; group/group.php; learningPath.; tracking/ ; user/*;...

Unfixed XSS vulnerability at www.iauq.ac.ir

Security researcher MK, has submitted on 13/07/2008 a cross-site-scripting XSS vulnerability affecting www.iauq.ac.ir, which at the time of submission ranked 886585 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/07/2009. It is currently...

CVE-2008-2980

Multiple cross-site scripting XSS vulnerabilities in HomePH Design 2.10 RC2 allow remote attackers to inject arbitrary web script or HTML via the 1 errormeldung parameter to admin/features/register/register.php, the 2 featurelanguageueberschrift parameter to...

CVE-2005-4637

Multiple cross-site scripting XSS vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 nav parameter in the downloads module, 2 Full Name and 3 Email fields in the core module, 4 Full Name, 5 Email, and 6...