62 matches found
CVE-2026-8143
Summary: The HBook WordPress plugin (up to version 2.1.6) is affected by a stored XSS due to insufficient input sanitization and output escaping in the parameters hb_country_iso, hb_usa_state_iso, and hb_canada_province_iso. This enables unauthenticated attackers to inject script code that execut...
CVE-2026-8143 Booking Calendar – Event Calendar <= 2.1.6 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters
The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hb_country_iso', 'hb_usa_state_iso', and 'hb_canada_province_iso' parameters in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...
PT-2026-43572
The HBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'hb_country_iso', 'hb_usa_state_iso', and 'hb_canada_province_iso' parameters in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress plugin HBook cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
EUVD-2025-25762
Malicious code in bioql PyPI...
EUVD-2023-28294
Malicious code in bioql PyPI...
CVE-2025-9424
A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itbox_pi/branch_import.php?a=branch_list. Such manipulation of the argument province leads to os command injection. The attack can be executed remotely. The exploit i...
CVE-2025-9424
CVE-2025-9424 concerns Ruijie WS7204-A (version 2017.06.15). The vulnerability affects the function/file path "/itbox_pi/branch_import.php?a=branch_list" where manipulating the parameter province can lead to an OS command injection. The impact is described as remote code execution, with the expl...
CVE-2025-9424 Ruijie WS7204-A branch_import.php os command injection
A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itbox_pi/branch_import.php?a=branch_list. Such manipulation of the argument province leads to os command injection. The attack can be executed remotely. The exploit i...
PT-2025-34717 · Ruijie · Ruijie Ws7204-A
Name of the Vulnerable Software and Affected Versions: Ruijie WS7204-A version 2017.06.15 Description: A vulnerability exists in Ruijie WS7204-A 2017.06.15 related to os command injection. The issue is located in the file /itbox_pi/branch_import.php?a=branch_list, where manipulation of the provin...
CVE-2024-29376
Sylius 1.12.13 is vulnerable to Cross Site Scripting XSS via the "Province" field in Address Book...
CVE-2024-51027
Ruijie NBR800G gateway NBR_RGOS_11.1(6)B4P9 is vulnerable to command execution in /itbox_pi/networksafe.php via the province parameter...
CVE-2023-24236
TOTOlink A7100RUV7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules...
CVE-2023-1179
A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add Supplier Handler. The manipulation of the argument companyname/province/city/phonenumber leads to cross site...
CVE-2024-51027
CVE-2024-51027 affects Ruijie NBR800G gateway NBR_RGOS_11.1(6)B4P9. The flaw allows command execution via the province parameter in /itbox_pi/networksafe.php. CVSS v3.1: 6.5 (Adj. Vector: Adjacent; Privileges: None; User Interaction: None; Impact: Availability High). Exploitation status is no...
PT-2024-34494 · Ruijie · Ruijie Nbr800G
Name of the Vulnerable Software and Affected Versions: Ruijie NBR800G gateway version NBR_RGOS_11.1(6)B4P9 Description: The issue is a command execution vulnerability that occurs in the /itbox_pi/networksafe.php endpoint via the province parameter. This allows for potential command execution...
sintesi.provincia.mantova.it Open Redirect vulnerability OBB-3939690
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Malicious code in indonesian-province (RubyGems)