16 matches found
CVE-2026-25476
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in library/auth.inc.php runs only when skiptimeoutreset is not present in the request. When skiptimeoutreset=1 is sent, the entire block th...
EUVD-2017-6654
Malware in sbrugna...
CVE-2024-28736
An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function...
CVE-2024-28736
An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function...
PT-2024-22549 · Unknown · Debezium Community Debezium-Ui
Name of the Vulnerable Software and Affected Versions: Debezium Community debezium-ui version 2.5. Description: An issue in Debezium Community debezium-ui allows a local attacker to execute arbitrary code via the refresh page function. Recommendations: For Debezium Community debezium-ui version 2....
WP SMTP Mailing Queue < 2.0.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Navigate to "Settings SMTP Mailing Queue Tools"...
SUSE CVE-2017-15194
include/globalsession.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page...
Link Library < 7.4.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Install the plugin and go to:...
Sliderby10Web < 1.2.53 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: 1. Go to "Slider » Sliders" and edit one of...
reCAPTCHA <= 1.6 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: 1. On the setting page of this plugin, enter...
DEBIAN-CVE-2017-15194
include/globalsession.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page...
CVE-2017-15194
include/globalsession.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page...
CVE-2017-15194
include/globalsession.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page...
CVE-2017-15194
include/globalsession.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page...
cacti -- Cross Site Scripting issue
cacti developers report: The file include/globalsession.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page...
ImpressPages CMS 3.8 - Persistent Cross-Site Scripting
ImpressPages CMS 3.8 - Persistent Cross-Site Scripting. Exploit Title: stored vulnerability. Author: sajith. Version: ImpressPages CMS v3.8. Vulnerable app link: http://www.impresspages.org/download/ Steps: 1. log into the admin panel http://127.0.0.1/cms/ImpressPages/?cmsaction=manage 2. click on advance...