CVE-2024-50838

A Stored Cross-Site Scripting XSS vulnerability was found in /admin/department.php in KASHIPARA E-learning Management System Project 1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the d and pi parameters...

CVE-2024-37160

Formwork is a flat file-based Content Management System CMS. An attackers requires administrator privilege to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages except the dashboard...

CVE-2020-26624

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal...

CVE-2025-29686

A cross-site scripting XSS vulnerability in OA System before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at /inform/InformManageController.java...

gougucms 代码注入漏洞

gougucms gougucms CMS is China's gougu gougu open source based on ThinkPHP6 + Layui + MySql to create a lightweight general-purpose back-end management framework . gougucms 4.08.18 version of the code injection vulnerability, the vulnerability stems from cross-site scripting, may lead to a remote...

PHPGurukul Human Metapneumovirus Testing Management System 代码注入漏洞

PHPGurukul Human Metapneumovirus Testing Management System is a human subpneumovirus testing management system from PHPGurukul, Inc. A code injection vulnerability exists in version 1.0 of the PHPGurukul Human Metapneumovirus Testing Management System, which originates from cross-site scripting a...

Mercurial SCM 代码注入漏洞

Mercurial SCM is a free distributed source code control management tool from Mercurial SCM open source. A code injection vulnerability exists in Mercurial SCM version 4.5.3/71.19.145.211, which originates from cross-site scripting and could lead to a remote attacker executing arbitrary script in ...

CVE-2024-50705

Unauthenticated reflected cross-site scripting XSS vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary scripts via the page parameter...

JFinalOA 安全漏洞

JFinalOA is an enterprise office system developed on the JFinal framework by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...

CVE-2025-22395

Dell Update Package Framework, versions prior to 22.01.02, contains a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of...

CVE-2024-11993

CVE-2024-11993 is a reflected cross-site scripting (XSS) vulnerability affecting Liferay Portal 7.4.0–7.4.3.38 and Liferay DXP 7.4 GA through update 38, exploitable via the Dispatch name field. The connected documents consistently describe an XSS flaw resulting from improper handling of user inpu...

CVE-2024-11993

Reflected cross-site scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field...

CVE-2024-37776

A cross-site scripting XSS vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens...

CVE-2024-54935

A Stored Cross-Site Scripting XSS vulnerability was found in /sendmessageteachertostudent.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...

CVE-2024-54935

A Stored Cross-Site Scripting XSS vulnerability was found in /sendmessageteachertostudent.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the mymessage parameter...

MAL-2024-12312 Malicious code in newpackagetest2024 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1e2e6f858089751c96fa15bde74d24a4dc6a68758e3ee4870a9c0d1f7c66d378 Packages either test the malicious behaviour, or actually download and run a simple remote script during the installation. --- Category: PROBABLYPENTEST -...

Malicious code in driftme (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4db40025175947d42bcca75bc2f04d0dab05379e9e84108c40de1cda6a854604 Importing the module starts executing a remote script, as well as leaves a persitance in the .bashrc --- Category: MALICIOUS - The campaign has clearly malicio...

CVE-2024-11182

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

Kashipara E-learning Management System 跨站脚本漏洞

Kashipara E-learning Management System is a learning management system from Kashipara Inc. A cross-site scripting vulnerability exists in Kashipara E-learning Management System version 1.0, which is rooted in a stored cross-site scripting attack that allows remote attackers to execute arbitrary...

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara Inc. A security vulnerability exists in Kashipara E-learning Management System version 1.0 that stems from vulnerability to a stored cross-site scripting attack, which allows remote attackers to execute arbitrar...