
19 matches found

Packet Storm
added 2026/02/26 12:0 a.m., 156 views

📄 FreeBSD Routing Socket Input Validation

This proof of concept exploit attempts to test the robustness of the FreeBSD routing socket subsystem by crafting an RTM_ADD message containing an intentionally oversized sockaddr structure (sa_len greater than the traditional sockaddr_storage limit of 128 bytes)...

7.5 CVSS, 5.5 AI score, 0.00468 EPSS
Exploits: 1
NVD
added 2025/12/12 4:15 p.m., 3 views

CVE-2025-67344

jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint...

4.6 CVSS, 0.00145 EPSS
Exploits: 1, References: 1
OSV
added 2025/12/12 4:15 p.m., 5 views

CVE-2025-67344

jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint...

4.6 CVSS, 5.8 AI score
Exploits: 0, References: 1
Positive Technologies
added 2025/12/12 12:0 a.m., 4 views

PT-2025-50955

Name of the Vulnerable Software and Affected Versions: jshERP versions prior to 3.5. Description: The software is susceptible to a stored Cross Site Scripting (XSS) issue. The vulnerability exists through the /msg/add API endpoint. An attacker could potentially inject malicious scripts that are then...

4.6 CVSS, 5.8 AI score, 0.00145 EPSS
Exploits: 1, References: 5
CNNVD
added 2025/12/12 12:0 a.m., 4 views

jshERP Security Vulnerability

jshERP (Huaxia ERP) is an ERP system developed by Ji Sheng Hua, an individual developer in China. A security vulnerability exists in jshERP v3.5 and earlier versions, which stems from a stored cross-site scripting vulnerability in the /msg/add endpoint...

4.6 CVSS, 5.8 AI score, 0.00145 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2025/12/12 12:0 a.m., 3 views

CVE-2025-67344

jshERP v3.5 and earlier is affected by a stored Cross Site Scripting (XSS) vulnerability via the /msg/add endpoint...

5.5 AI score, 0.00145 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2025/10/06 10:8 p.m., 11 views

CVE-2025-40989

Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via "/ekushey/index.php/client/projectmessage/add/xxx", affecting the "message" parameter via POST. This vulnerability could allow a remote attacker to send a speciall...

5.1 CVSS, 6 AI score, 0.00189 EPSS
Exploits: 0, References: 1
CVE
added 2025/10/02 10:40 a.m., 8 views

CVE-2025-40989

CVE-2025-40989 describes a stored cross-site scripting vulnerability in Ekushey CRM v5.0 (Creativeitem) caused by insufficient validation of user input in the POST endpoint dealing with the applicant’s message, specifically the API path that includes the message parameter. The affected component ...

5.4 CVSS, 5.7 AI score, 0.00189 EPSS
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2022/04/26 9:15 p.m., 3 views

CVE-2022-28522

ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add...

5.4 CVSS, 5.7 AI score, 0.00582 EPSS
Exploits: 1, References: 2
ATTACKERKB
added 2022/04/26 9:15 p.m., 1 views

CVE-2022-28522

ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add...

5.4 CVSS, 6 AI score, 0.00582 EPSS
Exploits: 1, References: 3
NVD
added 2022/04/26 9:15 p.m., 12 views

CVE-2022-28522

ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add...

5.4 CVSS, 0.00582 EPSS
Exploits: 1, References: 2
Prion
added 2022/04/26 9:15 p.m., 14 views

Cross site scripting

ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add...

3.5 CVSS, 5.3 AI score, 0.00582 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2022/04/26 8:29 p.m., 20 views

CVE-2022-28522

ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add...

5.5 AI score, 0.00582 EPSS
Exploits: 1, References: 2
CNNVD
added 2022/04/26 12:0 a.m., 2 views

thinkphp-zcms Cross-Site Scripting Vulnerability

thinkphp-zcms is an open source CMS based on thinkphp3.2 with fairly comprehensive features. thinkphp-zcms has a cross-site scripting vulnerability that stems from index.php?m=home&c=message&a=add...

5.4 CVSS, 5.4 AI score, 0.00582 EPSS
Exploits: 1, References: 3
OSV
added 2021/08/26 3:15 a.m., 1 views

CVE-2020-19705

thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home&c=message&a=add...

9.8 CVSS, 7.3 AI score, 0.00988 EPSS
Exploits: 1, References: 1
Cvelist
added 2020/08/27 1:42 p.m., 29 views

CVE-2020-23974

Create-Project Manager 1.07 has multiple persistent Cross-site Scripting and HTML injection issues via Online chat, Social feed, Message (title-tag), Add new client (all-tags)...

5.6 AI score, 0.00597 EPSS
Exploits: 1, References: 2
CNVD
added 2019/02/25 12:0 a.m., 2 views

WUZHI CMS Cross-Site Scripting Vulnerability (CNVD-2019-05294)

WUZHI CMS is an open source content management system (CMS) based on PHP and MySQL from the WUZHI (five fingers) company. WUZHI CMS version 4.1.0 has a cross-site scripting vulnerability; remote attackers can use the 'username' parameter of the /index.php?m=message&f=message&v=add URL to exploit the vulnerability to injec...

6.1 CVSS, 6.4 AI score, 0.00853 EPSS
Exploits: 1, References: 1
BDU FSTEC
added 2018/03/06 12:0 a.m., 5 views

The vulnerability in the messageAddArgument function of the Clam Antivirus protection library allows a hacker to cause a service failure or execute arbitrary code.

The vulnerability in the AddArgument function of the Clam Antivirus protection tool arises from an operation that goes beyond the buffer boundaries in memory during message processing. Exploiting this vulnerability allows a remote attacker to cause service failures or execute arbitrary code using...

10 CVSS, 8.4 AI score, 0.12779 EPSS
Exploits: 1, References: 5, Affected Software: 1
ATTACKERKB
added 2008/10/21 1:18 a.m., 2 views

CVE-2008-4631

Stack-based buffer overflow in the Message::AddToString function in message/Message.cpp in MUSCLE before 4.40 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted message. NOTE: some of these details are obtained from third party information...

10 CVSS, 6.4 AI score, 0.04762 EPSS
Exploits: 0, References: 6