19 matches found

Snyk
added 2026/04/08 7:15 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ajaxblackListpost process. An attacker can execute arbitrary JavaScript in the browser of other administrators by injecting malicious inpu...

4.8 CVSS · 5.8 AI score · 0.00014 EPSS
Exploits: 1 · References: 2

NVD
added 2026/03/30 3:16 p.m. · 1 view

CVE-2026-30082

Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters...

6.1 CVSS · 0.00034 EPSS
Exploits: 0 · References: 3

RedhatCVE
added 2026/03/28 11:9 p.m. · 3 views

CVE-2026-4991

A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible ...

5.1 CVSS · 4.4 AI score · 0.00037 EPSS
Exploits: 0 · References: 1

NVD
added 2026/03/27 11:17 p.m. · 2 views

CVE-2026-4991

A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible ...

5.1 CVSS · 0.00037 EPSS
Exploits: 0 · References: 3

CVE
added 2026/03/27 10:3 p.m. · 8 views

CVE-2026-4991

CVE-2026-4991 affects QDOCS Smart School Management System (up to 7.2). The vulnerability resides in the Admission Enquiry Module’s /admin/enquiry, where manipulating the Note argument triggers cross-site scripting. This can be exploited remotely. The provided sources do not specify affected vend...

5.1 CVSS · 4.5 AI score · 0.00037 EPSS
Exploits: 0 · References: 3

ATTACKERKB
added 2026/03/27 10:3 p.m. · 1 view

CVE-2026-4991

A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission Enquiry Module. Performing a manipulation of the argument Note results in cross site scripting. The attack is possible ...

5.1 CVSS · 4.5 AI score · 0.00037 EPSS
Exploits: 0 · References: 4 · Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2025-27215

Malicious code in bioql PyPI...

6.5 CVSS · 6.6 AI score · 0.00037 EPSS
Exploits: 0 · References: 4

NVD
added 2025/09/09 2:15 a.m. · 2 views

CVE-2025-10121

A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kamilist. This manipulation of the argument note causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

6.5 CVSS · 0.00037 EPSS
Exploits: 0 · References: 4

Cvelist
added 2025/09/09 2:2 a.m. · 7 views

CVE-2025-10121 uverif kami_list addbatch sql injection

A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kamilist. This manipulation of the argument note causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

6.5 CVSS · 0.00037 EPSS
Exploits: 0 · References: 4

Vulnrichment
added 2025/09/09 2:2 a.m. · 1 view

CVE-2025-10121 uverif kami_list addbatch sql injection

A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kamilist. This manipulation of the argument note causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

6.5 CVSS · 6.7 AI score · 0.00037 EPSS
Exploits: 0 · References: 4

CNNVD
added 2025/09/09 12:0 a.m. · 1 view

uverif Security Vulnerability

uverif is a free and open source web authentication management system from uverif. A security vulnerability exists in uverif 3.2 and earlier versions, which stems from SQL injection due to incorrect manipulation of the parameter note of the function addbatch in the file /admin/kamilist...

6.5 CVSS · 7 AI score · 0.00037 EPSS
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/22 11:12 a.m. · 9 views

CVE-2013-4620

Cross-site scripting (XSS) vulnerability in interface/main/onotes/officecommentsfull.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter...

4.3 CVSS · 5.9 AI score · 0.01408 EPSS
Exploits: 1 · References: 1

CNNVD
added 2025/04/04 12:0 a.m. · 1 view

PHPGurukul e-Diary Management System Injection Vulnerability

The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that originates from a missing validation of externally entered SQL statements in the parameter mark of the view-note.php file. An attacker can exploit...

9.8 CVSS · 7.8 AI score · 0.00206 EPSS
Exploits: 1 · References: 5

OSV
added 2024/09/20 12:15 p.m. · 0 views

CVE-2024-9030

A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. This vulnerability affects unknown code of the file /deal/noteid/note. The manipulation of the argument notes leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to th...

5.4 CVSS · 3.8 AI score
Exploits: 0 · References: 3

Positive Technologies
added 2023/10/26 12:0 a.m. · 2 views

PT-2023-32330 · Sourcecodester · Sourcecodester Sticky Notes App

Name of the Vulnerable Software and Affected Versions: SourceCodester Sticky Notes App version 1.0 Description: A critical vulnerability has been found in the SourceCodester Sticky Notes App, affecting the file endpoint/delete-note.php. The manipulation of the note argument leads to SQL injection...

9.8 CVSS · 7.1 AI score · 0.00053 EPSS
Exploits: 1 · References: 8

CNNVD
added 2023/10/26 12:0 a.m. · 3 views

SourceCodester Sticky Notes SQL Injection Vulnerability

SourceCodester Sticky Notes is a sticky notes application. A security vulnerability exists in SourceCodester Sticky Notes version 1.0, which stems from a SQL injection vulnerability in the parameter note in the file endpoint/delete-note.php...

9.8 CVSS · 8 AI score · 0.00053 EPSS
Exploits: 1 · References: 4

Positive Technologies
added 2023/04/05 12:0 a.m. · 1 view

PT-2023-17310 · Thorsten · Phpmyfaq

Name of the Vulnerable Software and Affected Versions: thorsten/phpmyfaq versions prior to 3.1.12 Description: The issue is related to Cross-site Scripting (XSS) - DOM, where the software fails to sanitize user input in the configuration privacy note URL parameter. This allows for potential...

8.1 CVSS · 6 AI score · 0.00357 EPSS
Exploits: 1 · References: 8

OSV
added 2019/02/18 12:29 a.m. · 9 views

CVE-2019-8436

imcat 4.5 has Stored XSS via the root/run/adm.php fminstopnote parameter...

5.4 CVSS · 5.6 AI score
Exploits: 0 · References: 1

securityvulns
added 2005/12/05 12:0 a.m. · 23 views

Blog System v1.2 SQL inj. vuln.

Blog System v1.2 SQL inj. vuln. Vuln. discovered by: r0t Date: 5 dec. 2005 original advisory: http://pridels.blogspot.com/2005/12/blog-system-v12-sql-inj-vuln.html vendor: http://www.netartmedia.net/blogsystem/ affected version: v1.2 and prior Product Description: Blog System allows you to launch and...

0.3 AI score
Exploits: 0