20 matches found
EUVD-2025-205838
A Stored Cross-Site Scripting (XSS) vulnerability exists in the Meeting location field of the Create/Edit Conference functionality in TrueConf Server v5.5.2.10813. The injected payload is stored via the meetingroom parameter and executed when users visit the Conference Info page, allowing attackers...
CVE-2025-66824
A Stored Cross-Site Scripting (XSS) vulnerability exists in the Meeting location field of the Create/Edit Conference functionality in TrueConf Server v5.5.2.10813. The injected payload is stored via the meetingroom parameter and executed when users visit the Conference Info page, allowing attackers...
CVE-2025-62613
VDO.Ninja is a tool that brings remote video feeds into OBS or other studio software via WebRTC. From versions 28.0 to before 28.4, a reflected Cross-Site Scripting (XSS) vulnerability exists on examples/control.html through the room parameter, which is improperly sanitized before being rendered in...
EUVD-2025-35631
VDO.Ninja is a tool that brings remote video feeds into OBS or other studio software via WebRTC. From versions 28.0 to before 28.4, a reflected Cross-Site Scripting (XSS) vulnerability exists on examples/control.html through the room parameter, which is improperly sanitized before being rendered in...
CVE-2025-62613
VDO.Ninja (versions 28.0–28.3) is affected by a reflected XSS in examples/control.html via the room parameter. The issue arises from improper sanitization before rendering in the DOM, due to insufficient input validation/encoding. The vulnerability could allow script execution in the context of t...
CVE-2025-62613 VDO.Ninja Reflected XSS Vulnerability in control.html
VDO.Ninja is a tool that brings remote video feeds into OBS or other studio software via WebRTC. From versions 28.0 to before 28.4, a reflected Cross-Site Scripting (XSS) vulnerability exists on examples/control.html through the room parameter, which is improperly sanitized before being rendered in...
PT-2025-43408
Name of the Vulnerable Software and Affected Versions: VDO.Ninja versions 28.0 through 28.3 Description: VDO.Ninja is a tool used to integrate remote video feeds into studio software via WebRTC. A reflected Cross-Site Scripting (XSS) issue exists in the examples/control.html file through the room...
vdo.ninja Cross-Site Scripting Vulnerability
vdo.ninja is a remote video input tool by Steve Seguin, an individual developer. A cross-site scripting vulnerability exists in vdo.ninja versions 28.0 through prior to 28.4. It stems from improper sanitization of the room parameter in examples/control.html, which could lead to a reflective...
CVE-2025-11472
A flaw has been found in SourceCodester Hotel and Lodge Management System 1.0. This impacts an unknown function of the file /editroom.php. This manipulation of the argument ID causes SQL injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...
CVE-2025-11400
SourceCodester Hotel and Lodge Management System 1.0 contains a SQL injection vulnerability in the /del_room.php endpoint triggered by manipulating the ID parameter. The CVE-2025-11400 entries indicate remote exploitation with publicly available exploits. The issue is documented with multiple ven...
CVE-2025-11108
A vulnerability was determined in code-projects Simple Scheduling System 1.0. Impacted is an unknown function of the file /schedulingsystem/addroom.php. Executing manipulation of the argument room can lead to SQL injection. The attack may be performed remotely. The exploit has been publicly...
Code-Projects Simple Scheduling System SQL Injection Vulnerability
Simple Scheduling System is a simple scheduling system. Simple Scheduling System suffers from a SQL injection vulnerability that stems from the failure of the /schedulingsystem/addroom.php file to effectively filter the room parameter. No details of the vulnerability are available at this time...
CVE-2024-11963
A vulnerability, which was classified as critical, has been found in code-projects Responsive Hotel Site 1.0. Affected by this issue is some unknown functionality of the file /admin/room.php. The manipulation of the argument troom leads to SQL injection. The attack may be launched remotely. The...
PT-2023-28830 · Unknown · Resort Reservation System
Name of the Vulnerable Software and Affected Versions: Resort Reservation System version 1.0 Description: A Cross Site Scripting (XSS) issue allows a remote attacker to execute arbitrary code and obtain sensitive information via the room, name, and description parameters in the manage room function...
CVE-2022-1007
The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue...
CVE-2007-5982
Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) themec parameter to help/index.php, or the (3) INSTALLX7CHATVERSION parameter to...