18 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-28695

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 6.4 · EPSS 0.00041
Exploits 0 · References 2

OSV
added 2025/06/26 3:15 a.m. · 0 views

CVE-2025-5932

The Homerunner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.29. This is due to missing or incorrect nonce validation on the mainsettings function. This makes it possible for unauthenticated attackers to update plugin settings via a...

CVSS 4.3 · AI score 5.6
Exploits 0 · References 2

NVD
added 2024/02/29 2:15 a.m. · 10 views

CVE-2023-51800

Cross Site Scripting XSS vulnerability in School Fees Management System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the mainsettings component in the phone, address, bank, accname, accnumber parameters, newclass and cname parameter, addnewparent function in t...

CVSS 6.1 · AI score 6.1 · EPSS 0.00266
Exploits 1 · References 1

Vulnrichment
added 2024/02/29 12:0 a.m. · 10 views

CVE-2023-51800

Cross Site Scripting XSS vulnerability in School Fees Management System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the mainsettings component in the phone, address, bank, accname, accnumber parameters, newclass and cname parameter, addnewparent function in t...

AI score 6.5 · EPSS 0.00266
Exploits 1 · References 1

Cvelist
added 2024/02/29 12:0 a.m. · 15 views

CVE-2023-51800

Cross Site Scripting XSS vulnerability in School Fees Management System v.1.0 allows a remote attacker to execute arbitrary code via a crafted payload to the mainsettings component in the phone, address, bank, accname, accnumber parameters, newclass and cname parameter, addnewparent function in t...

AI score 6.3 · EPSS 0.00266
Exploits 1 · References 1

Positive Technologies
added 2024/02/28 12:0 a.m. · 3 views

PT-2024-14294 · Unknown · School Management System

Name of the Vulnerable Software and Affected Versions: School Fees Management System version 1.0 Description: A Cross Site Scripting XSS issue allows a remote attacker to execute arbitrary code via a crafted payload to the main settings component in the phone, address, bank, acc name, acc number...

CVSS 6.1 · AI score 6.8 · EPSS 0.00266
Exploits 1 · References 6

OSV
added 2022/10/07 7:15 p.m. · 1 views

CVE-2022-41392

A cross-site scripting XSS vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings...

CVSS 5.4 · AI score 5.9 · EPSS 0.00443
Exploits 1 · References 3

NVD
added 2022/10/07 7:15 p.m. · 9 views

CVE-2022-41392

A cross-site scripting XSS vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings...

CVSS 5.4 · EPSS 0.00443
Exploits 1 · References 3

Prion
added 2022/10/07 7:15 p.m. · 9 views

Cross site scripting

A cross-site scripting XSS vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings...

CVSS 4.9 · AI score 5.3 · EPSS 0.00443
Exploits 1 · References 3 · Affected Software 1

ATTACKERKB
added 2022/10/07 7:15 p.m. · 2 views

CVE-2022-41392

A cross-site scripting XSS vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings...

CVSS 5.4 · AI score 6.2 · EPSS 0.00443
Exploits 1 · References 4

Positive Technologies
added 2022/10/07 12:0 a.m. · 1 views

PT-2022-25841 · Total.Js · Total.Js

Name of the Vulnerable Software and Affected Versions: TotalJS version 8c2c8909 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings. Recommendations: For version...

CVSS 5.4 · AI score 5.4 · EPSS 0.00443
Exploits 1 · References 7

CNNVD
added 2022/10/07 12:0 a.m. · 1 views

Total Avengers Totaljs Framework Cross-Site Scripting Vulnerability

Total Avengers Totaljs Framework is a JavaScript-based codebase for building web, desktop, service or IoT applications from Total Avengers Slovakia. The application is similar to PHP's Laravel, Python's Django, ASP.NET MVC for building Node applications. Total Avengers A security vulnerability exis...

CVSS 5.4 · AI score 6.1 · EPSS 0.00443
Exploits 1 · References 4

CVE
added 2022/10/07 12:0 a.m. · 43 views

CVE-2022-41392

The CVE-2022-41392 entry affects TotalJS (commit 8c2c8909). The vulnerability is an XSS flaw exposed via the Website name field in Main Settings, where a crafted payload can execute arbitrary web scripts or HTML. Core details specify the vulnerable component and version (TotalJS 8c2c8909) and des...

CVSS 5.4 · AI score 5.3 · EPSS 0.00443
Exploits 1 · References 3 · Affected Software 1

wpexploit
added 2020/01/19 12:0 a.m. · 23 views

Batch-Move Posts <= 1.5 - Broken Authentication leading to Unauthenticated Stored XSS

An attacker can add a Cross-Site Scripting XSS payload remotely without any authentication. The Payload gets triggered when an Admin visits the settings page of the plugin. Edit WPScanTeam: The plugin is still affected and has been closed. Vulnerable code is from lines 68 to 84. The code gets the...

AI score 6.3
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. · 11 views

68kb Knowledge Base 1.0.0rc3 - Edit Main Settings CSRF

No description provided by source. Exploit Title: 68kb Knowledge Base v1.0.0rc3 edit main settings CSRF Date: 2010-04-02 Author: Jelmer de Hen Software Link: http://68kb.googlecode.com/files/68kb-v1.0.0rc3.zip Version: v1.0.0rc3 html body onload=document.forms'editsettings'.submit form...

AI score 7.1
Exploits 0

exploitpack
added 2010/04/02 12:0 a.m. · 11 views

68KB Knowledge Base 1.0.0rc3 - Cross-Site Request Forgery (Edit Main Settings)

68KB Knowledge Base 1.0.0rc3 - Cross-Site Request Forgery Edit Main Settings Exploit Title: 68kb Knowledge Base v1.0.0rc3 edit main settings CSRF Date: 2010-04-02 Author: Jelmer de Hen Software Link: http://68kb.googlecode.com/files/68kb-v1.0.0rc3.zip Version: v1.0.0rc3 escapable'...

AI score 7.4
Exploits 0

0day.today
added 2010/04/02 12:0 a.m. · 14 views

68kb Knowledge Base v1.0.0rc3 edit main settings CSRF

Exploit for php platform in category web applications ===================================================== 68kb Knowledge Base v1.0.0rc3 edit main settings CSRF ===================================================== Exploit Title: 68kb Knowledge Base v1.0.0rc3 edit main settings CSRF Date:...

AI score 7.1
Exploits 0

seebug.org
added 2008/06/03 12:0 a.m. · 17 views

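LokiCMS admin.php Security Restriction Bypass Vulnerability

BUGTRAQ ID: 29448 LokiCMS is a simple, easy-to-use web content management system. The admin.php file in LokiCMS contains a logic error: if a remote attacker sets LokiACTION and other parameters in a submitted HTTP POST request, the CMS main settings can be set without administrative privileges. The vulnerable code segment is as follows: admin.php Lines:24-42 if isset $POST && isset $POST'LokiACTION' && strlen trim $POST'LokiACTION' 0 // we have an action to do switch trim...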

AI score 6.8
Exploits 0