EUVD-2021-28080

Malicious code in bioql PyPI...

EUVD-2022-24556

Malicious code in bioql PyPI...

CVE-2022-1216

The Advanced Image Sitemap WordPress plugin through 1.2 does not sanitise and escape the PHPSELF PHP variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting...

CVE-2021-40928

Cross-site scripting XSS vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHPSELF parameter...

CVE-2014-8365

Multiple cross-site scripting XSS vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 email parameter to contact.php or 3 PATHINFO to setup.php, related to the "PHPSELF" variable...

CVE-2017-14070

Cross Site Scripting XSS exists in NexusPHP 1.5.beta5.20120707 via the PATHINFO to ipsearch.php, related to PHPSELF...

CVE-2017-14534

Cross Site Scripting XSS exists in NexusPHP 1.5.beta5.20120707 via the PATHINFO to location.php, related to PHPSELF...

PHP-Nuke Top Module SQL Injection

Exploit Title: PHP-Nuke SQL injection Top Module + protection Bypass Google Dork: intext: Powered by PHP-Nuke Date: 2024-10-07 Exploit Author: Emiliano Febbi Vendor Homepage: https://phpnuke.org/ Software Link: https://sourceforge.net/projects/phpnuke/files/phpnuke/ Version: 6.x New concept of...

CVE-2024-25976

The CVE-2024-25976 entry refers to HAWKI (HAWK Digital Environments)—a university teaching interface. When LDAP authentication is enabled, the application reflects the value of $_SERVER['PHP_SELF'] in login.php, enabling reflected XSS that allows arbitrary JavaScript execution in the victim’s bro...

Panel.SmokeLoader MVID-2024-0681 Cross Site Scripting

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/4b5fc3a2489985f314b81d35eac3560f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Panel.SmokeLoader Vulnerability: Cross Site Scripting XSS Family: SmokeLoader Type: Web...

CVE-2020-25730

Cross Site Scripting XSS vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHPSELF component in classic/views/download.php...

CVE-2020-25730

Cross Site Scripting XSS vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHPSELF component in classic/views/download.php...

CVE-2020-25730

Cross Site Scripting XSS vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHPSELF component in classic/views/download.php...

CVE-2020-25730

ZoneMinder fixable XSS (CVE-2020-25730) affects ZoneMinder

CVE-2020-25730

Cross Site Scripting XSS vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHPSELF component in classic/views/download.php...

CVE-2020-25730

Cross Site Scripting XSS vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHPSELF component in classic/views/download.php...

CVE-2020-25730

Cross Site Scripting XSS vulnerability in ZoneMinder before version 1.34.21, allows remote attackers execute arbitrary code, escalate privileges, and obtain sensitive information via PHPSELF component in classic/views/download.php...

Additional Order Filters for WooCommerce < 1.12 - Reflected XSS

Description The plugin does not sanitise and escape the PHPSELF variable before outputting it back in an attribute in an admin page, leading to Reflected Cross-Site Scripting...

Cross site scripting

The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...

CVE-2023-4290 WP Matterport Shortcode < 2.1.7 - Reflected XSS

The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHPSELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin...