18 matches found
CVE-2026-5466
wolfSSL's ECCSI signature verifier wc_VerifyEccsiHash decodes the r and s scalars from the signature blob via mp_read_unsigned_bin with no check that they lie in [1, q-1]. A crafted forged signature could verify against any message for any identity, using only publicly-known constants...
CVE-2014-4851
Open redirect vulnerability in msg.php in FoeCMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the r parameter...
EUVD-2025-25909
Malicious code in bioql PyPI...
CVE-2025-50977
A template injection vulnerability leading to reflected cross-site scripting (XSS) has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists in the 'r' parameter and allows attackers to inject malicious Angular expressions that execute...
Gitblit Security Vulnerability
Gitblit is an open source, pure Java Git solution from Gitblit for managing, viewing, and serving Git repositories. A security vulnerability exists in Gitblit version 1.7.1, which stems from improper handling of the r parameter and could lead to a reflective cross-site scripting attack...
CVE-2025-50977
A template injection vulnerability leading to reflected cross-site scripting (XSS) has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists in the 'r' parameter and allows attackers to inject malicious Angular expressions that execute...
CVE-2025-50977
Gitblit (version 1.7.1) contains a template injection vulnerability that enables reflected XSS via the r parameter. Exploitation requires authenticated admin access and can be triggered through GET requests to the /summary endpoint or POST requests to certain Wicket interfaces, enabling injection...
PT-2025-34902 · Wicket · Wicket
Name of the Vulnerable Software and Affected Versions: versions prior to 1.7.1 Description: A template injection vulnerability leading to reflected cross-site scripting (XSS) has been identified, requiring authenticated admin access for exploitation. The vulnerability exists in the r parameter and...
CVE-2014-4849
Multiple cross-site scripting (XSS) vulnerabilities in msg.php in FoeCMS allow remote attackers to inject arbitrary web script or HTML via the (1) e or (2) r parameter...
CVE-2021-42052
IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter...
CVE-2022-31246
paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename...
iServiceOnline 1.0 - r SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: iServiceOnline 1.0 - 'r' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/iserviceonline/ Software Link: https://netcologne.dl.sourceforge.net/project/iserviceonline/iServiceEng.zip...
nuevoMailer 'r' Parameter SQL Injection Vulnerability
nuevoMailer is an email marketing software that can be used to manage mailing lists and track autoresponders. A SQL injection vulnerability exists in nuevoMailer 6.0 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the help of the 'r'...
CVE-2017-9730
SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter...
Cross site scripting
irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS...
CVE-2010-4971
Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way Video Chat component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the r parameter to index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the nonjs interface (interfaces/nonjs.pm) in CGI:IRC before 0.5.10 allows remote attackers to inject arbitrary web script or HTML via the R parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to inject arbitrary web script or HTML via the r parameter...