36 matches found
CVE-2025-29772
OpenEMR is a free and open source electronic health records and medical practice management application. The POST parameter hiddensubcategory is output to the page without being properly processed. This leads to a reflected cross-site scripting (XSS) vulnerability in CAMOS new.php. This...
CVE-2025-29772 OpenEMR allows Reflected XSS in CAMOS new.php
OpenEMR is a free and open source electronic health records and medical practice management application. The POST parameter hiddensubcategory is output to the page without being properly processed. This leads to a reflected cross-site scripting (XSS) vulnerability in CAMOS new.php. This...
PT-2025-4060 · Codezips · Codezips Gym Management System
Name of the Vulnerable Software and Affected Versions: Codezips Gym Management System version 1.0 Description: A critical issue has been found in the system, affecting some unknown functionality of the file "/dashboard/admin/submit plan new.php". The manipulation of the planid argument leads to s...
PT-2024-16433 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA versions 2017 up to 11.9 Description: A critical issue has been identified, affecting unknown code in the file /pda/reportshop/new.php. The manipulation of the repid argument leads to SQL injection. This issue can be exploited...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office automation (OA) system from the Chinese company Tongda. TONGDA Office Anywhere has a SQL injection vulnerability in the repid parameter of the /pda/reportshop/new.php page...
WordPress Travelscape Theme 1.0.3 Arbitrary File Upload
Exploit Title: Wordpress Theme Travelscape v1.0.3 - Arbitrary File Upload Date: 2024-04-01 Author: Milad Karimi Ex3ptionaL Category : webapps Tested on: windows 10 , firefox import sys import os.path import requests import re import urllib3 from requests.exceptions import SSLError from...
cross site scripting - reflected
The reflected XSS vulnerability occurs due to a flaw in the cleanxsstags function called in new.php of Gnuboard 5. 1. Open the https://sir.kr/bbs/new.php?darkmode=%22%3E%3Cscript%3Ealertdocument.domain%3C/script%3E 2. payload executing...
OpenClinic Code Issues Vulnerabilities
OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management. A code issue vulnerability exists in OpenClinic version 0.8.2 that stems from the effects of a medical test new.php insecure file upload...
OpenEMR New.php Command Injection (CVE-2019-3968)
A command injection vulnerability exists in OpenEMR New.php. Successful exploitation of this vulnerability could result in arbitrary command execution on the affected system...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) unspecified parameters to apps/calendar/ajax/event/new.php or (2) url parameter to apps/bookmarks/ajax/addBookmark.php...
CVE-2019-13972
LayerBB 1.1.3 allows XSS via the application/commands/new.php pmtitle variable, a related issue to CVE-2019-17997...
WordPress 3.7.x < 3.7.24 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - wp-admin/user-new.php sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access...
WordPress 4.7.x < 4.7.8 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - wp-admin/user-new.php sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access...
WordPress 4.5.x < 4.5.12 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - wp-admin/user-new.php sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access...
CVE-2017-17091
wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string...
WordPress Photocrati NextGEN Gallery Plugin File Upload Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports setting up personal blog sites on servers with PHP and MySQL. The Photocrati NextGEN Gallery plugin is one of its image management plugins. A security vulnerability exists in the...
WordPress SEO by Yoast 'post-new.php' Plugin HTML Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports setting up personal blog sites on servers with PHP and MySQL. WordPress SEO by Yoast is one of its search engine optimization plugins. A security vulnerability exists in the...
CVE-2015-4065
Summary (CVE-2015-4065) : The WordPress Landing Pages plugin (versions before 1.8.5) contains an XSS vulnerability in shared/shortcodes/inbound-shortcodes.php. An authenticated remote user can inject arbitrary script/HTML via the post parameter passed to wp-admin/post-new.php, caused by echoing u...
ShrimpTest 1.0b2 - admin/experiment-new.php Multiple Unspecified XSS
The shrimptest WordPress plugin was affected by an admin/experiment-new.php Multiple Unspecified XSS security vulnerability...