6 matches found
CVE-2026-40522
FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to extract arbitrary database data by injecting UNION SELECT payloads into the PARAM0 POST parameter. Attackers can supply malicious SQL syntax through the...
CVE-2026-26464
Stored Cross-Site Scripting XSS was found in the /admin/edituser.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that is executed in users' browsers. This vulnerability can be exploited via the name parameter in a POST...
EUVD-2012-6589
Malware in sbrugna...
CVE-2024-22633
Setor Informatica Sistema Inteligente para Laboratorios S.I.L. 388 was discovered to contain a remote code execution RCE vulnerability via the hprinter parameter. This vulnerability is triggered via a crafted POST request...
Cross site scripting
A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/...
WUZHI CMS 4.1.0 - tag[pinyin] Cross-Site Scripting
WUZHI CMS 4.1.0 - tagpinyin Cross-Site Scripting Exploit Title: WUZHI CMS 4.1.0 XSS Vulnerability Date: 2018-4-23 Exploit Author: jiguang [email protected] Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE: CVE-2018-10311 An...