WordPress plugin Auto Affiliate Links Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-41924
WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the settime or StartSniffer functions. Attackers can...
EUVD-2026-18426
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied HTTP input. An...
Dolibarr ERP/CRM SQL Injection Vulnerability
Dolibarr ERP/CRM is a web-based enterprise resource planning (ERP) and customer relationship management (CRM) system developed by the Dolibarr Foundation in France. This system can be used to manage products, inventory, invoices, orders, etc. Version 10.0.1 of Dolibarr ERP/CRM has a SQL injection...
CVE-2019-25426
Comodo Dome Firewall 2.7.0 is affected by a reflected cross-site scripting vulnerability in the dnsmasq endpoint. The issue allows an attacker to inject and execute arbitrary JavaScript in a user’s browser by sending crafted input via POST requests to the TRANSPARENT_SOURCE_BYPASS or TRANSPARENT_...
CVE-2020-37152 PHP-Fusion 9.03.50 panels.php - Cross-Site Scripting (XSS)
PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...
CVE-2025-60641
The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserialize(base64_decode($_POST['mexcel'])), where $_POST['mexcel'] is user-controlled input. This input is decoded from base64 and deserialized without validation or use of the allowed_classes option, allowing an attacker to...
EUVD-2012-6592
Malware in sbrugna...
EUVD-2007-0964
Malware in sbrugna...
EUVD-2025-26183
Malicious code in bioql PyPI...
CVE-2025-40989 Stored XSS in Creativeitem Ekushey CRM
Stored Cross-Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via "/ekushey/index.php/client/projectmessage/add/xxx", affecting the "message" parameter via POST. This vulnerability could allow a remote attacker to send a speciall...
CVE-2025-40709
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...
CVE-2025-51967
A Reflected Cross-site Scripting (XSS) vulnerability exists in the themeSet.php file of ProjectsAndPrograms School Management System 1.0. The application fails to sanitize user-supplied input in the theme POST parameter, allowing an attacker to inject and execute arbitrary JavaScript in a victim's...
Linux Distros Unpatched Vulnerability: CVE-2018-25047
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that could be...
CVE-2025-40709
OpenAtlas v8.9.0 is affected by a Cross-Site Scripting (XSS) vulnerability due to inadequate validation of user input in POST requests to /insert/person/, specifically the name and alias-0 parameters. The issue could allow a remote, authenticated attacker to craft queries that steal session cooki...
PT-2025-35207
Name of the Vulnerable Software and Affected Versions: OpenAtlas version 8.9.0 Description: An issue exists in OpenAtlas that could allow a remote user to send specially crafted queries to an authenticated user and potentially steal their session cookie details. This is due to inadequate validati...
OpenAtlas Cross-Site Scripting Vulnerability
OpenAtlas is an Android non-proxy dynamic deployment framework from the Austrian company OpenAtlas. A cross-site scripting vulnerability exists in OpenAtlas version v8.9.0, which stems from insufficient validation of user input in a POST request and could lead to a cross-site scripting attack...
CVE-2011-10011
WeBid 1.0.2 contains a remote code injection vulnerability in the converter.php script, where unsanitized input in the to parameter of a POST request is written directly into includes/currencies.php. This allows unauthenticated attackers to inject arbitrary PHP code, resulting in persistent remot...
Cross-site Scripting (XSS)
Overview: phpoffice/phpspreadsheet is a spreadsheet engine that reads, creates and writes spreadsheet documents in PHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the discriminantFormula and r1Formula processes due to improper user input sanitization. An...