emlog 代码注入漏洞

emlog is a PHP and MySQL based CMS for personal developers of emlog. A code injection vulnerability exists in emlog 2.4.1 and earlier versions, which stems from a cross-site scripting attack caused by manipulation of the msg parameter in the /include/lib/common.php library...

PT-2024-19583 · Unknown · Boyiddha Automated-Mess-Management-System

Name of the Vulnerable Software and Affected Versions: boyiddha Automated-Mess-Management-System version 1.0 Description: A problematic vulnerability was found in the Chat Book component of the boyiddha Automated-Mess-Management-System, specifically in the file /member/chat.php. The manipulation ...

CVE-2024-25435

A cross-site scripting XSS vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter...

CVE-2024-25435

A cross-site scripting XSS vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter...

Cross site scripting

A cross-site scripting XSS vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter...

CVE-2024-25435

A cross-site scripting XSS vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter...

CVE-2024-25435

A cross-site scripting XSS vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter...

PT-2024-15784 · Unknown · Project Worlds Student Project Allocation System

Name of the Vulnerable Software and Affected Versions: Project Worlds Student Project Allocation System version 1.0 Description: A vulnerability was found in the Admin Login Module, specifically affecting the file admin login.php. The issue allows for cross-site scripting through the manipulation...

PT-2024-15031 · WordPress · Post Smtp Mailer/Email Log

Name of the Vulnerable Software and Affected Versions: The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress versions up to, and including, 2.8.6 Description: The issue is related to Reflected Cross-Site Scripting via the msg...

CVE-2023-46015

Cross Site Scripting XSS vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via 'msg' parameter in application URL...

CVE-2023-46015

Cross Site Scripting XSS vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via 'msg' parameter in application URL...

Exploit for Cross-site Scripting in Code-Projects Blood_Bank

CVE-2023-46015-Code-Projects-Blood-Bank-1.0-Reflected-Cross-Si...

CVE-2023-2922

CVE-2023-2922 affects SourceCodester Comment System 1.0. The vulnerability is in the index.php file, within the GET Parameter Handler, where tampering the msg parameter triggers cross-site scripting. Exploitation is possible remotely and has been disclosed publicly. Several connected sources corr...

Exploit for Cross-site Scripting in Phpgurukul Zoo_Management_System

CVE-2022-31897 Date: 06/22/2022 Exploit Author: Angelo Pi...

CVE-2021-39319 duoFAQ - Responsive, Flat, Simple FAQ <= 1.4.8 Reflected Cross-Site Scripting

The duoFAQ - Responsive, Flat, Simple FAQ WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the /duogeek/duogeek-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.8...

WordPress 插件 跨站脚本漏洞

duoFAQ - Responsive, Flat, Simple FAQ plugin is a WordPress open source application plugin. duoFAQ - Responsive, Flat, Simple FAQ plugin for WordPress suffers from a cross-site scripting vulnerability. The vulnerability stems from a lack of data validation filtering of user-supplied data and...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. simple Image Gallery plugin is a WordPress open source application plugin. the WordPress Simple Image Gallery plugin ha...

VFront 跨站脚本漏洞

vfront is a free open source front-end for MySQL or PostgreSQL databases written in PHP and Javascript. vfront version 0.99.5 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via the s parameter in...

CVE-2021-42663

An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a...

CVE-2021-27940

resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter...