137 matches found
EUVD-2022-2918
Malicious code in bioql PyPI...
CVE-2025-9939
A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /propertyview.php. Such manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has...
CVE-2025-9940 CodeAstro Real Estate Management System feature.php cross site scripting
A vulnerability was detected in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /feature.php. Performing manipulation of the argument msg results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used...
CodeAstro Real Estate Management System Code Injection Vulnerability
CodeAstro Real Estate Management System is a real estate management system from CodeAstro. A code injection vulnerability exists in CodeAstro Real Estate Management System version 1.0, which stems from improper manipulation of the parameter msg in the file /feature.php, which could lead to a...
CVE-2025-9755
A vulnerability has been found in Khanakag-17 Library Management System up to 60ed174506094dcd166e34904a54288e5d10ff24. This affects an unknown function of the file /index.php. The manipulation of the argument msg leads to cross site scripting. Remote exploitation of the attack is possible. The...
Library Management System Security Vulnerability
Library Management System is a library management system with QR code for attendance and automatic generation of library cards by King Albaracin Individual Developer. A security vulnerability exists in Library Management System, which is a result of cross-site scripting due to an incorrect...
PT-2025-35436
Name of the Vulnerable Software and Affected Versions: Khanakag-17 Library Management System affected versions not specified Description: A cross-site scripting issue exists in Khanakag-17 Library Management System. The vulnerability is related to the manipulation of the msg argument of the...
PT-2025-34257 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.7 Description: WeGIA is a Web manager for charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability exists in the pre cadastro adotante.php endpoint. Attackers can inject malicious scripts through...
Chat System send_message.php File SQL Injection Vulnerability
Chat System is a chat system. Chat System suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter msg in the file /user/sendmessage.php. An attacker can exploit this vulnerability to execute illegal SQL commands...
CVE-2025-53824
CVE-2025-53824 concerns WeGIA, an open source web manager. A Reflected XSS exists in the editar_permissoes.php endpoint (pre-3.4.4) via the msg_c parameter. The flaw could allow injection of script code when a user is reflected, with the official fix in version 3.4.4. No exploitation details are ...
CVE-2025-7408
A vulnerability has been found in SourceCodester Zoo Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/templates/animalformtemplate.php. The manipulation of the argument msg leads to cross site scripting. The attack can be initiated...
SourceCodester Zoo Management System Code Injection Vulnerability
SourceCodester Zoo Management System is a SourceCodester open source zoo management system. A code injection vulnerability exists in SourceCodester Zoo Management System version 1.0, which originates from a cross-site script that can be caused by manipulation of the parameter msg in file...
CVE-2025-2077
The Simple Amazon Affiliate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'msg' parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
Quorum onQ Security Vulnerability
Quorum onQ is a backup solution from Quorum. A security vulnerability exists in Quorum onQ version v.6.0.0.5.2064, which originates from a cross-site scripting vulnerability that allows remote attackers to obtain sensitive information via the msg parameter in the Login page...
PT-2025-3433 · Unknown · Informationpush
Name of the Vulnerable Software and Affected Versions: InformationPush master version Description: The issue allows a remote attacker to obtain sensitive information via the title, time, and msg parameters. This is a Cross Site Scripting vulnerability. Recommendations: For InformationPush master...
CVE-2024-57372
CVE-2024-57372 is an XSS vulnerability in InformationPush master version. The flaw allows a remote attacker to obtain sensitive information through the vulnerable parameters title, time, and msg. The available connected documents confirm the affected software (InformationPush master) and the e...
PT-2025-4780 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.6 Description: A Reflected Cross-Site Scripting XSS issue was identified in the tags.php endpoint of the WeGIA application. This issue allows attackers to inject malicious scripts in the msg e parameter due to the...
emlog Code Injection Vulnerability
emlog is a PHP and MySQL based CMS for personal developers of emlog. A code injection vulnerability exists in emlog 2.4.1 and earlier versions, which stems from a cross-site scripting attack caused by manipulation of the msg parameter in the /include/lib/common.php library...