CVE-2026-5834

A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/adminrunning.php. Performing a manipulation of the argument productname results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now publi...

CVE-2026-5834 code-projects Online Shoe Store admin_running.php cross site scripting

A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/adminrunning.php. Performing a manipulation of the argument productname results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now publi...

EUVD-2026-13563

A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admineditmenuaction.php. Such manipulation of the argument productname leads to sql injection. The attack may be performed from...

CVE-2025-40679

HTML Injection vulnerability in Isshue by Bdtask, consisting os an HTML injection due to a lack os proper validation of user input by sending a POST request to '/categoryproductsearch', affecting the 'productname' parameter...

CVE-2026-1159

CVE-2026-1159 affects itsourcecode Online Frozen Foods Ordering System 1.0. The issue arises from processing of the file /order_online.php, where manipulating the argument product_name can lead to an SQL injection. The vulnerability can be exploited remotely, and public proofs-of-concept exist ac...

WordPress Stylish Order Form Builder plugin <= 1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'product_name' Parameter vulnerability

Authenticated Subscriber+ Stored Cross-Site Scripting via 'productname' Parameter vulnerability discovered by Sopon Tangpathum SoNaJaa - freelance in WordPress Plugin Stylish Order Form Builder versions = 1.0...

WordPress plugin Stylish Order Form Builder 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2025-13412

A vulnerability was determined in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/adminrunning.php. Executing a manipulation of the argument productname can lead to cross site scripting. The attack may be performed from...

uzy-ssm-mall 代码注入漏洞

uzy-ssm-mall yuzu cloud e-commerce is an SSM framework by ghostxbh individual developer for building e-commerce, bookstore mall, customer management and so on. A code injection vulnerability exists in uzy-ssm-mall version 1.0.0, which stems from improper manipulation of the parameter productname ...

Cross site scripting

A vulnerability was found in SourceCodester Canteen Management System. It has been classified as problematic. This affects the function query of the file food.php. The manipulation of the argument productname leads to cross site scripting. It is possible to initiate the attack remotely. The explo...