Cups Easy cross-site scripting vulnerability (CNVD-2024-12238)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/taxstructurecreate.php page. An attacker...

Cups Easy 跨站脚本漏洞

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the currencyid parameter on the /cupseasylive/currencymodify.php page. An attacker coul...

HelpDeskZ cross-site scripting vulnerability (CNVD-2022-59046)

HelpDeskZ is a PHP-based software that allows you to manage your site's support using a web-based support ticket system. Provides quality support. A cross-site scripting vulnerability exists in HelpDeskZ version v2.0.2, which stems from a lack of parameter filtering and escaping in...

MediaWiki fails to properly verify input passed to the user language option

Overview A vulnerability in some versions of MediaWiki may allow a remote attacker to execute code on a vulnerable wiki server. Description MediaWiki is a PHP-based software package that is used to run a wiki, a collaborative website that can be edited by any user or visitor. Some versions of the...

woltlabXSS.txt

Advisory Information -------------------- Advisory name : Woltlab Burning Board Lite formmail.php XSS Discovered by : drhankey / it-security23.net Vendor Name : Woltlab Vendor Homepage : http://www.woltlab.de Software : Woltlab Burning Board Lite Vulnerability Type : Cross-Site-Scripting Vulnerab...