CVE-2026-48226

Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in os_watch.php. An authenticated attacker can inject arbitrary JavaScript by unsanitized values passed via the ref and mode_orig POST parameters into HTML form hidden input value attributes, leading to code execution in the victim’...

CVE-2026-48226 Open ISES Tickets < 3.44.2 Reflected XSS via os_watch.php ref and mode_orig Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in oswatch.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ref and modeorig POST parameters directly into HTML form hidden input value...

EUVD-2019-20060

ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watchedsearches.php endpoint with crafted SQL payloads to extract...

CVE-2019-25662

ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watchedsearches.php endpoint with crafted SQL payloads to extract...

CVE-2019-25662

CVE-2019-25662 affects ResourceSpace 8.6 with an SQL injection in the watched_searches.php endpoint via the ref parameter. Unauthenticated attackers can send crafted GET requests to extract sensitive data (e.g., usernames and credentials). Public details document the vulnerability and its impact ...

CVE-2019-25662 ResourceSpace 8.6 SQL Injection via watched_searches.php

ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watchedsearches.php endpoint with crafted SQL payloads to extract...

CVE-2019-25662 ResourceSpace 8.6 SQL Injection via watched_searches.php

ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watchedsearches.php endpoint with crafted SQL payloads to extract...

CVE-2019-25662

ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watchedsearches.php endpoint with crafted SQL payloads to extract...

PT-2026-30471

ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watched searches.php endpoint with crafted SQL payloads to extract...

Montala ResourceSpace SQL注入漏洞

Montala ResourceSpace is an open-source digital asset management tool developed by Montala Company in the UK. It enables users to organize their digital assets. Version 8.6 of Montala ResourceSpace contains a SQL injection vulnerability. This vulnerability stems from the ref parameter being...

consult-llm-mcp 操作系统命令注入漏洞

consult-llm-mcp is a multi-model code consultation server developed by Raine Virta. Versions of consult-llm-mcp prior to 2.5.3 had an operating system command injection vulnerability. This vulnerability stemmed from incorrect operations with parameters gitdiff.baseref/gitdiff.files in the...

Linux Distros Unpatched Vulnerability : CVE-2021-26247

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - As an unauthenticated remote user, visit http:///authchangepassword.php?ref=alert1 to successfully execute the JavaScript payload present in the ref URL...

Astun Technology iShare Maps 输入验证错误漏洞

Astun Technology iShare Maps is a software for public map services from Astun Technology, UK. An input validation error vulnerability exists in Astun Technology iShare Maps version 5.4.0, which stems from an open redirect due to incorrect manipulation of the parameter ref in the file atCheckJS.as...

CVE-2024-0487

A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/action/delete-vaccine.php. The manipulation of the argument ref leads to sql injection. The attack may be launched...

UBUNTU-CVE-2023-39364

Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary website after a change password performed via a specifically crafted URL. The authchangepassword.php file accepts ref as a URL parameter and...

SUSE CVE-2022-48547

A reflected cross-site scripting XSS vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at authchangepassword.php...

CVE-2022-48547

A reflected cross-site scripting XSS vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at authchangepassword.php...

UBUNTU-CVE-2022-48547

A reflected cross-site scripting XSS vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at authchangepassword.php...

Cacti 跨站脚本漏洞

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A cross-site scripting vulnerability exists in Cacti 0.8.7g and earlier...

PT-2023-5430 · Cacti · Cacti

Name of the Vulnerable Software and Affected Versions: Cacti versions 0.8.7g and earlier Description: A reflected cross-site scripting XSS vulnerability allows unauthenticated remote attackers to inject arbitrary web script or HTML in the ref parameter at "auth changepassword.php". This issue is...