3 matches found
CVE-2025-41343 Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'...
Webkul QloApps 跨站脚本漏洞
Webkul QloApps is a free and open source hotel reservation and online booking system. A security vulnerability exists in Webkul QloApps version 1.6.0, which stems from a cross-site scripting XSS vulnerability. An attacker can use this vulnerability to obtain a user's session cookie and then emula...
CVE-2017-17103
Fiyo CMS 2.0.7 has SQL injection in /apps/appuser/sysuser.php via $POSTname or $POSTemail. This vulnerability can lead to escalation from normal user privileges to administrator privileges...