31 matches found
EUVD-2026-20472
Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...
tpAdmin 1.3.12 Shell Upload
tpAdmin versions 1.3.12 and below suffer from a remote shell upload vulnerability due to improper validation of file uploads within the preview.php component under /admin/lib/webuploader/0.1.5/server/...
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the preview.php file. An attacker can execute arbitrary code and compromise confidentiality, integrity, and availability by sending specially crafted serialized data to the affected endpoint. Detail...
CVE-2026-2113
A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization. The attack is possible to be carried out...
PT-2026-6920
Name of the Vulnerable Software and Affected Versions: yuan1994 tpadmin versions up to 1.3.12. Description: A security issue exists in yuan1994 tpadmin up to version 1.3.12. The issue is related to deserialization within the WebUploader component, specifically in the file...
CVE-2021-47919
Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks...
CVE-2021-47919 Simple CMS 2.1 Non-Persistent Cross-Site Scripting via Preview Parameter
Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks...
Simple CMS Cross-Site Scripting Vulnerability
Simple CMS is an open-source content management system developed using Simple PHPScripts. Version 2.1 of Simple CMS has a cross-site scripting vulnerability. This vulnerability stems from the id parameter in the preview.php file, which allows for the execution of arbitrary scripts...
CVE-2025-15426
A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might...
CVE-2025-10827 PHPJabbers Restaurant Menu Maker preview.php cross site scripting
A weakness has been identified in PHPJabbers Restaurant Menu Maker up to 1.1. Affected by this issue is some unknown functionality of the file /preview.php. This manipulation of the argument theme causes cross site scripting. The attack may be initiated remotely. The exploit has been made availab...
PT-2025-39095
Name of the Vulnerable Software and Affected Versions: PHPJabbers Restaurant Menu Maker versions up to 1.1. Description: A cross-site scripting issue exists in PHPJabbers Restaurant Menu Maker. The issue is related to the /preview.php file and manipulation of the theme parameter. This manipulation c...
CVE-2024-42562
Pharmacy Management System commit a2efc8 was discovered to contain a SQL injection vulnerability via the invoicenumber parameter at preview.php...
Form Tools Security Vulnerability
Form Tools is an open source codebase for Form Tools scripts, modules, themes and APIs. A security vulnerability exists in Form Tools version v3.1.1, which stems from a reflected cross-site scripting vulnerability in the /formbuilder/preview.php?formid=2 component...
CVE-2023-40755
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0...
CVE-2023-36138
PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php...
CVE-2023-36137
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0...
CVE-2023-33560
There is a Cross Site Scripting (XSS) vulnerability in the "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3...
PHPJabbers Time Slots Booking Calendar Cross Site Scripting Vulnerability
PHPJabbers Time Slots Booking Calendar is a booking system from PHPJabbers. A cross-site scripting vulnerability exists in PHPJabbers Time Slots Booking Calendar v3.3, which stems from a cross-site scripting (XSS) vulnerability in the cid parameter of Preview.php...
CVE-2023-3555
A vulnerability was found in GZ Scripts PHP Vacation Rental Script 1.8. It has been classified as problematic. This affects an unknown part of the file /preview.php. The manipulation of the argument page/layout/sortby/propertyid leads to cross site scripting. It is possible to initiate the attack...