CVE-2026-44737

Grav grav-plugin-admin is affected by a XSS in the /admin/pages/[page] endpoint, via data[header][title], reported before upgrading to 1.10.49.5. The vulnerability arises from improper validation/sanitization of the data[header][title] parameter, leading to an injected script being reflected in t...

Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory

Impact The PagesRouter static file serving route is vulnerable to a path traversal attack that allows unauthenticated reading of files outside the configured pagesPath directory. The boundary check uses a string prefix comparison without enforcing a directory separator boundary. An attacker can u...

GHSA-HM3F-Q6RW-M6WH Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory

Impact The PagesRouter static file serving route is vulnerable to a path traversal attack that allows unauthenticated reading of files outside the configured pagesPath directory. The boundary check uses a string prefix comparison without enforcing a directory separator boundary. An attacker can u...

CVE-2026-30848

Parse Server’s PagesRouter is vulnerable to a path traversal issue prior to versions 8.6.8 and 9.5.0-alpha.8. The boundary check uses a string prefix comparison without enforcing a directory separator boundary, enabling unauthenticated access to files outside the configured pagesPath by traversal...

PT-2026-23872

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.8 Parse Server versions prior to 9.5.0-alpha.8 Description Parse Server, an open source backend deployable on Node.js infrastructures, contains a path traversal flaw in the PagesRouter static file serving...

PT-2025-48569

Name of the Vulnerable Software and Affected Versions Grav versions prior to 1.11.0-beta.1 Description The Grav admin plugin, an HTML user interface for configuring Grav and managing pages, contains a Stored Cross-Site Scripting XSS issue. An attacker can inject malicious scripts into the...

CampCodes Sales and Inventory System 注入漏洞

CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. An injection vulnerability exists in CampCodes Sales and Inventory System version 1.0, which stems from SQL injection due to incorrect manipulation of the parameter ID in the file /pages/customerupdate.php...

Code-Projects Tourism Management System 安全漏洞

Code-Projects Tourism Management System is an open source tourism management system from Code-Projects. A security vulnerability exists in Code-Projects Tourism Management System version 1.0, which stems from the parameter pgedetails in the file /admin/manage-pages.php that can lead to a cross-si...

Car Rental Management System 安全漏洞

Car Rental Management System is an open source car rental management system from CampCodes. A security vulnerability exists in Car Rental Management System version 1.0, which stems from the parameter pgdetails in the file /admin/manage-pages.php that can lead to a cross-site scripting attack...

CVE-2023-3529

A vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to 20230729. This affects an unknown part of the file /LandingPages/api/otp/send?id=IDampersandmethod=sms of the component OTP URI Interface. The manipulation leads to information exposure through discrepancy...

CVE-2018-3744

The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL...