Lucene search
K

8 matches found

NVD
NVD
added 2026/05/10 1:16 p.m.11 views

CVE-2021-47924

Ultimate Product Catalogue 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit POST requests to post.php with HTML/JavaScript payloads in the price field to execute arbitrary...

6.4CVSS0.00282EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/10 12:43 p.m.7 views

CVE-2021-47924

Ultimate Product Catalogue 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit POST requests to post.php with HTML/JavaScript payloads in the price field to execute arbitrary...

6.4CVSS6AI score0.00282EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/10 12:43 p.m.36 views

CVE-2021-47924 WordPress Plugin Ultimate Product Catalogue 5.8.2 Stored XSS via price

Ultimate Product Catalogue 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit POST requests to post.php with HTML/JavaScript payloads in the price field to execute arbitrary...

6.4CVSS0.00282EPSS
Exploits0References4
CVE
CVE
added 2026/05/10 12:43 p.m.13 views

CVE-2021-47924

The CVE-2021-47924 entry concerns the WordPress plugin Ultimate Product Catalog, version 5.8.2. The vulnerability is a stored cross-site scripting (XSS) flaw in which authenticated attackers can inject HTML/JavaScript into the price parameter via POST to post.php, leading to code execution when a...

6.4CVSS6AI score0.00282EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.11 views

WordPress plugin Ultimate Product Catalog 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.9AI score0.00282EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.12 views

PT-2026-39500

Name of the Vulnerable Software and Affected Versions Ultimate Product Catalog version 5.8.2 Description A stored cross-site scripting issue allows authenticated attackers to inject malicious scripts. This is achieved by submitting POST requests to the 'post.php' endpoint using the price paramete...

6.4CVSS6AI score0.00282EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.4 views

Code-Projects Simple Food Ordering System 代码注入漏洞

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter pname/category/price in the file /addproduct.php, which c...

6.1CVSS5.9AI score0.00356EPSS
Exploits1References6
OSV
OSV
added 2025/04/20 11:15 a.m.3 views

CVE-2025-3824

A vulnerability classified as problematic was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add-product.php. The manipulation of the argument txtprice/txtproductname leads to cross site scripting. T...

4.1CVSS3.8AI score0.00324EPSS
Exploits1References4
Rows per page
Query Builder