
23 matches found

Cvelist
added 2026/02/08 3:32 p.m., 30 views

CVE-2026-2160 SourceCodester Simple Responsive Tourism Website Master.php cross site scripting

A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=savepackage. The manipulation of the argument Title leads to cross site scripting. The attack can be initiat...

CVSS 5.3, EPSS 0.00044
Exploits 1, References 5
NVD
added 2025/11/10 8:15 p.m., 3 views

CVE-2025-33150

IBM Cognos Analytics Certified Containers 12.1.0 could disclose package parameter information due to the presence of hidden pages...

CVSS 5.3, EPSS 0.00031
Exploits 0, References 1
RedhatCVE
added 2025/09/13 7:28 p.m., 2 views

CVE-2025-59055

InstantCMS is a free and open source content management system. A blind Server-Side Request Forgery (SSRF) vulnerability in InstantCMS up to and including 2.17.3 allows authenticated remote attackers to make any HTTP/HTTPS request via the package parameter. It is possible to make any HTTP/HTTPS...

CVSS 7.2, AI score 6.6, EPSS 0.00277
Exploits 1, References 1
OSV
added 2025/09/11 6:46 p.m., 3 views

CVE-2025-59055 InstantCMS vulnerable to Server-Side Request Forgery via package installer

InstantCMS is a free and open source content management system. A blind Server-Side Request Forgery (SSRF) vulnerability in InstantCMS up to and including 2.17.3 allows authenticated remote attackers to make any HTTP/HTTPS request via the package parameter. It is possible to make any HTTP/HTTPS...

CVSS 4.7, AI score 6.5, EPSS 0.00277
Exploits 1, References 4
CNNVD
added 2025/09/11 12:0 a.m., 2 views

InstantCMS code issue vulnerability

InstantCMS is a free and open source content management system. A security vulnerability exists in InstantCMS 2.17.3 and earlier versions, which stems from the package parameter in the installer function not effectively filtering user input. The vulnerability can be exploited by an attacker to sc...

CVSS 7.2, AI score 6.5, EPSS 0.00277
Exploits 1, References 3
Veracode
added 2025/08/21 7:3 a.m., 2 views

Remote Code Execution (RCE)

pyloadng is vulnerable to Remote Code Execution (RCE). The vulnerability is due to unsafe path construction in the addcrypted endpoint via the package parameter, which allows unauthenticated attackers to write arbitrary files outside the designated directory, enabling privilege escalation and remot...

CVSS 9.8, AI score 9.2, EPSS 0.02893
Exploits 1, References 5, Affected Software 1
OSV
added 2025/01/16 7:23 a.m., 11 views

BIT-PYTHON-MIN-2021-23336 Web Cache Poisoning

The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can...

CVSS 5.9, AI score 7.7, EPSS 0.003
Exploits 1, References 38
OSV
added 2024/08/12 1:38 p.m., 0 views

CVE-2024-7678

A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=savepackage. The manipulation of the argument name/description/trainingduration leads to...

CVSS 6.1, AI score 3.8
Exploits 0, References 4
CNNVD
added 2024/04/22 12:0 a.m., 1 views

LibreNMS SQL injection vulnerability

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. A security vulnerability exists in LibreNMS versions prior to 24.4.0. An attacker...

CVSS 8.8, AI score 7.7, EPSS 0.00151
Exploits 1, References 4
Positive Technologies
added 2024/04/22 12:0 a.m., 1 views

PT-2024-24590

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.4.0 Description: A SQL injection vulnerability in the POST /search/search=packages endpoint in LibreNMS allows a user with global read privileges to execute SQL commands via the package parameter. This vulnerabilit...

CVSS 8.8, AI score 8.3, EPSS 0.00151
Exploits 1, References 12
OSV
added 2022/04/11 8:15 p.m., 0 views

CVE-2021-22055

The SchedulerServer in VMware Photon allows remote attackers to inject logs through \r in the package parameter. Attackers can also insert malicious data and fake entries...

CVSS 5.3, AI score 5.8
Exploits 0, References 1
CNNVD
added 2022/04/11 12:0 a.m., 2 views

VMware Photon injection vulnerability

VMware Photon is a container-optimized cloud platform from US-based VMware. A security vulnerability exists in SchedulerServer in VMware Photon that allows a remote attacker to inject logs via the package parameter. An attacker could also insert malicious data and fake entries...

CVSS 5.3, AI score 5.9, EPSS 0.00169
Exploits 0, References 2
OSV
added 2020/07/28 5:15 p.m., 0 views

CVE-2020-15616

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the package parameter, the...

CVSS 7.5, AI score 5.8
Exploits 0, References 1
Positive Technologies
added 2020/06/25 12:0 a.m., 2 views

PT-2020-14539 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The specific flaw exists within the...

CVSS 7.8, AI score 7.5, EPSS 0.00571
Exploits 0, References 3
CNVD
added 2020/03/10 12:0 a.m., 1 views

BWA DiREX-Pro Remote Code Execution Vulnerability

BWA Technology DiREX-Pro is a network video recorder from BWA Technology, Germany. A security vulnerability exists in BWA Technology DiREX-Pro version 1.2181. The vulnerability can be exploited by a remote attacker to execute arbitrary operating system commands by sending the 'PKG' parameter with...

CVSS 10, AI score 7.6, EPSS 0.03253
Exploits 1, References 1
NVD
added 2019/04/01 3:29 p.m., 14 views

CVE-2017-16774

Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter...

CVSS 6.5, AI score 5.9, EPSS 0.00187
Exploits 0, References 1
OSV
added 2019/04/01 3:29 p.m., 1 views

CVE-2017-16774

Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter...

CVSS 5.4, AI score 5.9, EPSS 0.00187
Exploits 0, References 1
Cvelist
added 2019/04/01 2:24 p.m., 15 views

CVE-2017-16774

Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter...

CVSS 6.5, AI score 6, EPSS 0.00187
Exploits 0, References 1
Positive Technologies
added 2019/04/01 12:0 a.m., 1 views

PT-2019-8138 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager (DSM) versions prior to 6.1.4-15217-3 Description: A cross-site scripting (XSS) issue exists, allowing remote authenticated users to inject arbitrary web script or HTML. This is due to insufficient validation of user...

CVSS 6.5, AI score 5.8, EPSS 0.00187
Exploits 0, References 3
NVD
added 2013/08/09 9:55 p.m., 15 views

CVE-2013-4625

Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter...

CVSS 4.3, AI score 5.8, EPSS 0.07785
Exploits 2, References 7