
5 matches found

NVD
added 2025/08/22 7:15 p.m., 4 views

CVE-2025-6791

In the monitoring event logs page, it is possible to alter the HTTP request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon web Monitoring event logs modules allows SQL Injection. This...

CVSS: 8.8, EPSS: 0.00047
Exploits: 0, References: 2
Huntr
added 2023/04/04 1:29 p.m., 12 views

Stored XSS in Edit user member profile

Description: When making changes to update information, there is a country parameter to insert the XSS payload. Step 1: Update user Personal information. Proof of Concept: // PoC request: // payload: "alertString.fromCharCode88,83 POST /pbboard/index.php?page=usercp&control=1&info=1&start=1 HTTP/1.1...

AI score: 6
Exploits: 0
wpexploit
added 2022/06/22 12:0 a.m., 142 views

Download Manager < 3.2.48 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the 'Insert URL' field, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Note: The attempted fixes made in 3.2.46 and 3.2.47 were found to be insufficient. As a contributor, create/edit a download and pu...

CVSS: 6.4, AI score: 5.5, EPSS: 0.00425
Exploits: 3, References: 1
Prion
added 2018/12/20 3:29 p.m., 15 views

Cross site scripting

Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in running arbitrary JS code in the victim's browser. This attack appears to be exploitable via: Authenticated user must click on the input field where t...

CVSS: 3.5, AI score: 5.3, EPSS: 0.00311
Exploits: 1, References: 1, Affected Software: 1
Metasploit
added 2016/06/23 1:9 p.m., 79 views

JSON Swagger CodeGen Parameter Injector

This module generates an Open API Specification 2.0 (Swagger) compliant JSON document that includes payload insertion points in parameters. In order for the payload to be executed, an attacker must convince someone to generate code from a specially modified swagger.json file within a vulnerable...

AI score: 7.2
Exploits: 3