162 matches found

ATTACKERKB
added 5 days ago, 4 views

CVE-2018-25406

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Attackers can inject SQL through the artid, cid, did, contid, and aboutid parameters across...

CVSS 8.8, AI score 6.2, EPSS 0.00068
Exploits: 0, References: 4, Affected Software: 1

Vulnrichment
added 2026/05/21 5:9 p.m., 2 views

CVE-2026-48217 Open ISES Tickets < 3.44.2 Reflected XSS via delete_module.php Multiple POST Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in deletemodule.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters modulechoice, flag, confirmation directly into render...

CVSS 5.4, AI score 5.8, EPSS 0.00029
Exploits: 0, References: 3

CNNVD
added 2026/04/09 12:0 a.m., 4 views

Joomla Solidres Cross-Site Scripting Vulnerability

Joomla Solidres is an open-source extension for hotel booking and room status management by Solidres. Version 2.13.3 of Joomla Solidres contains a cross-site scripting vulnerability. This vulnerability arises from improper handling of multiple GET parameters, which may lead to reflective cross-si...

CVSS 6.1, AI score 5.6, EPSS 0.00095
Exploits: 0, References: 4

NVD
added 2026/04/08 7:24 p.m., 3 views

CVE-2025-50661

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /urlrule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri, and log...

CVSS 7.5, EPSS 0.00153
Exploits: 0, References: 3

Cvelist
added 2026/04/08 12:0 a.m., 19 views

CVE-2025-50666

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /webpost.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in parameters such as name, en, userid, log, and time...

EPSS 0.00076
Exploits: 0, References: 3

Positive Technologies
added 2026/04/08 12:0 a.m., 0 views

PT-2026-31398

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /web post.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in parameters such as name, en, user id, log, and time...

CVSS 7.5, AI score 6.2, EPSS 0.00076
Exploits: 0, References: 5

RedhatCVE
added 2026/03/27 5:9 p.m., 1 view

CVE-2026-2231

The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVSS 7.2, AI score 6, EPSS 0.00047
Exploits: 0, References: 1

Snyk
added 2026/03/26 6:34 p.m., 1 view

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when including multiple regular expression parameters in a single segment, separated by something that is not a period (.). Poor performance will block the event loop and can lead to a DoS. Note:...

CVSS 7.5, AI score 6.7, EPSS 0.00066
Exploits: 0, References: 2

Snyk
added 2026/03/26 6:34 p.m., 3 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) when including multiple regular expression parameters in a single segment, separated by something that is not a period (.). Poor performance will block the event loop and can lead to a DoS. Note:...

CVSS 7.5, AI score 6.7, EPSS 0.00066
Exploits: 0, References: 2

Vulnrichment
added 2026/03/26 1:26 p.m., 1 view

CVE-2026-2231 Fluent Booking <= 2.0.01 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters

The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVSS 7.2, AI score 6, EPSS 0.00047
Exploits: 0, References: 7

Cvelist
added 2026/03/26 1:26 p.m., 21 views

CVE-2026-2231 Fluent Booking <= 2.0.01 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters

The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web script...

CVSS 7.2, EPSS 0.00047
Exploits: 0, References: 7

CVE
added 2026/03/26 1:26 p.m., 2 views

CVE-2026-2231

The CVE-2026-2231 entry concerns the Fluent Booking plugin for WordPress. Affected component: the plugin’s stored XSS via multiple parameters in all versions up to 2.0.01, caused by insufficient input sanitization and output escaping. Impact: unauthenticated attackers can inject arbitrary web scr...

CVSS 7.2, AI score 6, EPSS 0.00047
Exploits: 0, References: 7

Vulnrichment
added 2026/03/15 6:34 p.m., 2 views

CVE-2015-20114 RealtyScript 4.0.2 Cross-Site Scripting via Multiple Parameters

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads...

CVSS 6.1, AI score 6, EPSS 0.00055
Exploits: 1, References: 3

Cvelist
added 2026/03/15 6:34 p.m., 24 views

CVE-2015-20114 RealtyScript 4.0.2 Cross-Site Scripting via Multiple Parameters

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads...

CVSS 6.1, EPSS 0.00055
Exploits: 1, References: 3

Positive Technologies
added 2026/03/15 12:0 a.m., 1 view

PT-2026-25717

Next Click Ventures RealtyScript 4.0.2 contains a cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious input through multiple parameters that are not properly sanitized. Attackers can craft requests with injected script payloads...

CVSS 6.1, AI score 6, EPSS 0.00055
Exploits: 1, References: 5

CNNVD
added 2026/03/12 12:0 a.m., 2 views

Netartmedia PHP Mall SQL Injection Vulnerability

Netartmedia PHP Mall is an e-commerce platform system operated by the Bulgarian company Netartmedia. Version 4.1 of Netartmedia PHP Mall contains a SQL injection vulnerability. This vulnerability stems from multiple parameters that are susceptible to SQL injections, potentially allowing unverifie...

CVSS 8.8, AI score 5.9, EPSS 0.00093
Exploits: 1, References: 2

Cvelist
added 2026/03/12 12:0 a.m., 20 views

CVE-2026-26792

GL-iNet GL-AR300M16 v4.3.11 was discovered to contain multiple command injection vulnerabilities in the setupgrade function via the modemurl, targetversion, currentversion, firmwareupload, hashtype, hashvalue, and upgradetype parameters. These vulnerabilities allow attackers to execute arbitrary...

EPSS 0.01114
Exploits: 1, References: 1

EUVD
added 2026/03/11 12:25 a.m., 3 views

EUVD-2026-11265

@siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters...

CVSS 9.1, AI score 5.8, EPSS 0.00082
Exploits: 0, References: 2

NVD
added 2026/03/08 6:16 a.m., 2 views

CVE-2026-3710

A security vulnerability has been detected in code-projects Simple Flight Ticket Booking System 1.0. This impacts an unknown function of the file /Adminadd.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp leads to sql injection. Remote exploitati...

CVSS 7.2, EPSS 0.00054
Exploits: 1, References: 6

RedhatCVE
added 2026/02/17 1:27 p.m., 1 view

CVE-2025-59905

Cross-Site Scripting (XSS) vulnerability reflected in Kubysoft, which occurs through multiple parameters within the endpoint ‘/node/kudaby/nodeFN/procedure’. This flaw allows the injection of arbitrary client-side scripts, which are immediately reflected in the HTTP response and executed in the...

CVSS 6.1, AI score 5.7, EPSS 0.00039
Exploits: 0, References: 1