114 matches found
CVE-2025-0470
CVE-2025-0470 concerns the WordPress plugin Forminator Forms – Contact Form, Payment Form & Custom Form Builder. The issue is a Reflected Cross-Site Scripting (XSS) vulnerability in the title parameter, arising from insufficient input sanitization and output escaping. It affects all versions up t...
TOTOLINK X5000R week parameter command injection vulnerability in setWiFiScheduleCfg function
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK X5000R version V9.1.0cu.2350B20230313, which stems from the "week" parameter in setWiFiScheduleCfg failing to correctly filter special characters in crafted commands,...
CVE-2024-57030
Summary: CVE-2024-57030 affects WeGIA prior to 3.2.0 and is a reflected Cross-Site Scripting (XSS) vulnerability in the endpoint /geral/documentos_funcionario.php via the id parameter. The vulnerability is documented with a CVSS v3.1 base score of 8.1 (HIGH) with NETWORK attack vector, HIGH impac...
CVE-2024-4527
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/studentpaymentdetails2.php. The manipulation of the argument index leads to cross site scripting. It is possible to laun...
TOTOLINK X6000R Security Vulnerability
TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X6000R suffers from a code execution vulnerability that stems from the application's failure to properly filter special characters, commands, etc. in crafted commands. An attacker can exploit the vulnerability ...
CVE-2020-22597
An issue in JerryScript project JerryScript v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter...
CVE-2022-45517
Tenda W30E V1.0.1.25633 was discovered to contain a stack overflow via the page parameter at /goform/VirtualSer...
CVE-2022-44859
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manageproduct.php...
CVE-2022-44019
In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter...
phpMyAdmin Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in libraries/config/ConfigFile.class.php in the setup interface in phpMyAdmin 3.4.x before 3.4.9 allows remote attackers to inject arbitrary web script or HTML via the host parameter...
osTicket Cross-Site Scripting Vulnerability
osTicket is a widely used and trusted open source work order support ticket system. A cross-site scripting vulnerability exists in osTicket versions prior to 1.12.6. An attacker can exploit this vulnerability via the queue-name parameter in include/class.queue.php...
CVE-2016-11015
NETGEAR JNR1010 devices prior to firmware 1.0.0.32 are affected by a CSRF vulnerability in the web UI: cgi-bin/webproc can be invoked via the parameter :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL. The issue enables cross-site request forgery. Remediation: upgrade to firmware vers...
DouCo DouPHP cross-site scripting vulnerability (CNVD-2019-00997)
DouCo DouPHP is a lightweight open source content management system (CMS) based on PHP and MySQL. A cross-site scripting vulnerability exists in admin/product.php?rec=update in DouCo DouPHP version 1.5 20181221. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CraftedWeb Cross-Site Scripting Vulnerability (CNVD-2018-18899)
CraftedWeb is a content management system (CMS) for game servers. A cross-site scripting vulnerability exists in CraftedWeb versions 2013-09-24 and earlier, which can be exploited by remote attackers to inject arbitrary web script or HTML via the 'p' parameter...
PHP Scripts Mall Single Theater Booking Script SQL Injection Vulnerability
PHP Scripts Mall Single Theater Booking Script is a PHP and MySQL based online theater booking system script by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Single Theater Booking Script version 3.2.1. A remote attacker can exploit this vulnerability by sending...
Strongsoft AjaxMapCustomAction.ashx parameter param SQL injection vulnerability
No description provided by source...
Adobe Flash - Uninitialized Stack Parameter Access in AsBroadcaster.broadcastMessage UaF Fix
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=717 The ActionScript parameter conversion in the fix for an issue in the December Flash bulletin https://helpx.adobe.com/security/products/flash-player/apsb15-32.html, most likely...
Joomla module com_cckjseblod file parameter arbitrary file read vulnerability
No description provided by source...
kppw keke_core_class.php keke_auto_login parameter SQL injection
No description provided by source...
Open Web Analytics 1.5.4 - (owa_email_address param) - SQL Injection Vulnerability
No description provided by source...