11 matches found
SUSE CVE-2026-42502
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
Stored Cross Site Scripting
Vulnerability Type Stored Cross Site-Scripting XSS Affected URL https://localhost/openemr-6.0.0/interface/new/newcomprehensivesave.php Affected Parameters “formfname” “formlname” Authentication Required? Yes Issue Summary A stored XSS vulnerability found in “/interface/new/newcomprehensivesave.ph...
Ferdows CMS Pro <=1.1.0 Multiple Vulnerabilities
Exploit for asp platform in category web applications www.BugReport.ir AmnPardaz Security Research Team Title: Ferdows CMS Pro <=1.1.0 Multiple Vulnerabilities Vendor: www.fcms.ir Exploit: Available Vulnerable Version: 1.1.0 Pro Impact: Medium Original Advisory: http://www.bugreport.ir/index77.htm...
SASPCMS Multiple Vulnerabilities
www.BugReport.ir AmnPardaz Security Research Team Title: SASPCMS Multiple Vulnerabilities Vendor: http://www.lgasoft.com Vulnerable Version: 0.9 prior versions also may be affected Exploitation: Remote with browser Fix: N/A - Description: SASPCMS is an ASP Content Management System . SASPCMS witc...
PHPRunner 4.2 - 'SearchOption' Blind SQL Injection
www.BugReport.ir AmnPardaz Security Research Team Title: PHPRunner SQL Injection Vendor: http://www.xlinesoft.com Vulnerable Version: 4.2 prior versions also may be affected Exploitation: Remote with browser Original Advisory: http://www.bugreport.ir/index63.htm Fix: N/A - Description: PHPRunner...
Chicomas 2.0.4 - Database Backup File Disclosure Cross-Site Scripting
Chicomas 2.0.4 - Database Backup File Disclosure Cross-Site Scripting www.BugReport.ir AmnPardaz Security Research Team Title: chicomas Database Information Disclosure POC: http://URL/chicomas/config.inc +--The Latest generated Database backups POC: http://URL/chicomas/backup +--Cross Site Scripti...
Persia BME E-Catalogue Remote SQL Injection Vulnerability
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: Persia BME E-Catalogue SQL Injection Vulnerability Vendor: http://www.persiabme.com/products/ Impact: High Fix: N/A Original Advisory: http://www.bugreport.ir/index55.htm 1. Description: Persia BME...
Masir Camp E-Shop Module <= 3.0 (ordercode) SQL Injection Vuln
Exploit for unknown platform in category web applications ============================================================== Masir Camp E-Shop Module <= 3.0 (ordercode) SQL Injection Vuln ============================================================== Title: Masir Camp E-Shop Module <= 3.0 SQL Injection...
iges CMS 2.0 - Cross-Site Scripting / SQL Injection
www.BugReport.ir AmnPardaz Security Research Team Title: IGES CMS =2.0 Multiple Vulnerabilities Vendor: www.iges.nl Exploit: Available Vulnerable Version: 2.0 Impact: High Fix: N/A 1. Description: IGES CMS is a complete, fully featured CMS in PHP language with SQL and became a powerful CMS having...
iges CMS 2.0 - Cross-Site Scripting SQL Injection
iges CMS 2.0 - Cross-Site Scripting SQL Injection www.BugReport.ir AmnPardaz Security Research Team Title: IGES CMS =2.0 Multiple Vulnerabilities Vendor: www.iges.nl Exploit: Available Vulnerable Version: 2.0 Impact: High Fix: N/A 1. Description: IGES CMS is a complete, fully featured CMS in PHP...
myblog-multi.txt
www.BugReport.ir AmnPardaz Security Research Team Title: MyBlog =0.9.8 Multiple Vulnerabilities Vendor: http://crewdesign.co.uk & http://sourceforge.net/projects/myblog Exploit: Available Vulnerable Version: 0.9.8 Impact: High Fix: N/A Original Advisory: www.bugreport.ir/?/49 1. Description:...