HelpDeskZ Cross-Site Scripting Vulnerability
HelpDeskZ is PHP-based software that lets you manage your site's support through a web-based support ticket system and provide quality support. A cross-site scripting vulnerability exists in HelpDeskZ version v2.0.2, which stems from a lack of parameter filtering and escaping in...
WordPress VikBooking Hotel Booking Engine
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress VikBooking Hotel Booking Engine...
YOURLS Cross-Site Scripting Vulnerability
YOURLS is a PHP-based short linking platform. YOURLS versions prior to 1.8.2 are vulnerable to a cross-site scripting vulnerability that originates when the program does not properly validate user input during page generation. An attacker could use this vulnerability to launch a cross-site...
Subrion CMS Cross-Site Scripting Vulnerability (CNVD-2022-72212)
Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. A cross-site scripting vulnerability exists in Subrion CMS version 4.2.1 and earlier, which stems from a lack of validation of user-supplied data and output in the "Contact Us" plugin of the "Topic List". data an...
CSZ CMS SQL Injection Vulnerability (CNVD-2022-30778)
CSZ CMS is a PHP-based open source content management system (CMS). CSZ CMS version 1.2.2 is vulnerable to SQL injection, which stems from the lack of validation of externally supplied SQL statements in cszcmsadminUserseditUser, and can be used by attackers to execute illegal SQL commands to obtain...
SourceCodester Employee Performance Evaluation SQL Injection Vulnerability
SourceCodester Employee Performance Evaluation is a PHP-based site builder for employee performance management from SourceCodester. SourceCodester Employee Performance Evaluation has a SQL injection vulnerability, which can be exploited by attackers to perform SQL injection via email parameters...
Maccms Cross-Site Scripting Vulnerability (CNVD-2022-30792)
Maccms is a PHP-based film and television content management system (CMS). Maccms v10 has a cross-site scripting vulnerability that stems from a lack of validation and filtering of user-supplied data and output data for the wd parameter in /admin.php/admin/ulog/index.html; an attacker can us...
Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters
Researchers have disclosed an unpatched security vulnerability in "dompdf," a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations. "By injecting CSS into the data processed by dompdf, it can be tricked into storing a...
Subrion CMS Cross-site Request Forgery Vulnerability (CNVD-2022-20162)
Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. The system can be integrated into websites and supports multiple extension plugins. A security vulnerability exists in Subrion CMS 4.2.1, which allows a remote, unauthenticated, malicious user to send authorizati...
Subrion CMS Cross-Site Scripting Vulnerability (CNVD-2022-20164)
Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. The system can be integrated into websites and supports multiple extension plugins. A security vulnerability exists in Subrion CMS 4.2.1, which can be exploited by attackers via the q parameter in the Kickstart...
Subrion CMS Cross-Site Scripting Vulnerability (CNVD-2022-20163)
Subrion CMS is a PHP-based content management system (CMS) from the Subrion team. The system can be integrated into websites and supports multiple extension plugins. A security vulnerability exists in Subrion CMS 4.2.1, which can be exploited by attackers via the configuration panel...
BloofoxCms Cross-Site Scripting Vulnerability (CNVD-2022-17027)
BloofoxCms is a PHP-based text content management system from the individual developer alexlang24. BloofoxCms suffers from a cross-site scripting vulnerability that stems from the lack of validation and filtering of user-supplied data and output data in the file and type parameters in index.php. An attacker...
Accounting Journal Management Cross-Site Scripting Vulnerability
Accounting Journal Management is a simple PHP-based accounting journal management system with a trial balance. Accounting Journal Management version 1.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of filtering of user-supplied data and The vulnerability is caused ...
BloofoxCms SQL Injection Vulnerability
BloofoxCms is a PHP-based text content management system. A SQL injection vulnerability exists in BloofoxCms versions 0.5.1 through 0.5.2.1 (both inclusive) because the following parameters "URLs,langid,tmplid,modrewrite,etadoctype,metacharset,default group,page group" lack validation of externally...
S-Cart path traversal vulnerability
S-Cart, a PHP-based e-commerce management platform from the S-Cart community, suffers from a path traversal vulnerability that stems from the failure of a web-based system or product to properly filter special elements in the path of a resource or file. An attacker could exploit the vulnerability...
OIC Exponent CMS Cross-Site Scripting Vulnerability (CNVD-2022-33602)
OIC Exponent CMS is a free, open source, PHP-based modular content management system (CMS) from OIC, Inc. The system supports direct editing in pages and provides user management, site configuration, content editing and other functions. Exponent CMS has a cross-site scripting vulnerability, which...
OIC Exponent CMS Cross-Site Scripting Vulnerability (CNVD-2022-33604)
OIC Exponent CMS is a free, open source, PHP-based modular content management system (CMS) from OIC, Inc. The system supports editing directly in the page and provides user management, site configuration, content editing and other functions. OIC Exponent CMS has a cross-site scripting vulnerability,...
Spotweb Cross-Site Scripting Vulnerability (CNVD-2022-08194)
Spotweb is a PHP-based Spotnet client from the Spotweb team that follows the Spotnet protocol. JavaScript code...
Z-BlogPHP arbitrary file deletion vulnerability
Z-BlogPHP is an open source PHP-based blogging system from the Z-blog community. Z-BlogPHP has an arbitrary file deletion vulnerability via appdel.php. No detailed vulnerability details are currently available...
CVE-2021-40577
A stored cross-site scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter...