9 matches found
EUVD-2026-44677
FastGPT is a knowledge-based AI application platform. From 4.14.17 until 4.15.0-beta5, the POST /api/core/chat/record/getCollectionQuote endpoint authenticates the caller's chat and collection context, but the initialId center-node lookup is not bound to that authorized context. A low-privileged...
CVE-2026-5249
A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulation of the argument value.content results in cross site scripting. It is possible to initiate the...
CVE-2026-5249
A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulation of the argument value.content results in cross site scripting. It is possible to initiate the...
CVE-2026-5249
A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulation of the argument value.content results in cross site scripting. It is possible to initiate the...
CVE-2026-5249 gougucms Record Endpoint record.html cross site scripting
A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulation of the argument value.content results in cross site scripting. It is possible to initiate the...
CVE-2026-5249 gougucms Record Endpoint record.html cross site scripting
A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulation of the argument value.content results in cross site scripting. It is possible to initiate the...
CVE-2026-5249
Gougucms 4.08.18 is affected by a cross-site scripting (XSS) flaw in the Record Endpoint, specifically in the file gougucms-master/app/admin/view/user/record.html. The vulnerability arises when an attacker manipulates the value.content argument, enabling remote exploitation. Public exploit exists...
PT-2024-38962 · Sourcecodester · Sourcecodester Computer Laboratory Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Computer Laboratory Management System version 1.0 Description: A critical vulnerability was found in the SourceCodester Computer Laboratory Management System. The issue affects the delete record function of the file...
PT-2024-28811 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in idccms. The vulnerability can be exploited via the "/admin/moneyRecord deal.php" endpoint, specifically when the mudi parameter is set to "delRecord"...