163 matches found
CVE-2020-19156
Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save' function is called...
CVE-2025-3970
The CVE concerns baseweb JSite (versions up to 1.0). A cross-site scripting vulnerability is triggered by manipulating the Remarks argument in the /sys/office/save function. It is exploitable remotely, and multiple sources note that the exploit has been disclosed publicly. Practical impact is lim...
CVE-2025-32028 HAX CMS PHP allows Insecure File Upload to Lead to Remote Code Execution
HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a 'save' function in 'HAXCMSFile.php'. This save function uses a denylist to block specific file types from being uploaded to the server. This list is...
Cross-site Scripting (XSS)
Overview: concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the Save function. An attacker with page editing privileges can inject malicious HTML content by manipulating the content argument. Details: Cross-site...
CVE-2025-2967
...
CVE-2025-2965
...
CVE-2024-11640
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change...
CVE-2025-25818
CVE-2025-25818 describes an XSS vulnerability in Emlog Pro v2.5.4. The flaw is in the article_save.php postStrVar function, allowing an attacker to inject crafted payloads that trigger arbitrary web-script or HTML execution. The vulnerability is categorized with CVSSv3.1 metrics: AV:L/AC:L/PR:N/U...
CVE-2025-1114
A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack...
PT-2025-6011 · Unknown · Newbee-Mall
Name of the Vulnerable Software and Affected Versions: newbee-mall version 1.0. Description: A problematic issue has been found in newbee-mall. The save function of the /admin/categories/save API endpoint in the Add Category Page component is affected. The manipulation of the categoryName argument...
newbee-mall code injection vulnerability
newbee-mall is a newbee open source e-commerce system. newbee-mall version 1.0 contains a code injection vulnerability. It stems from the save function of the file /admin/categories/save in the Add Category Page component, where the parameter categoryName leads to cross-site scripting attacks...
PT-2025-1676 · WordPress · Vikbooking Hotel Booking Engine & Pms
Name of the Vulnerable Software and Affected Versions: VikBooking Hotel Booking Engine & PMS plugin for WordPress versions up to, and including, 1.7.2. Description: The issue is due to missing or incorrect nonce validation on the save function, making it possible for unauthenticated attackers to...
PT-2025-1456 · Pat Infinite Solutions · Helpdeskadvanced
Name of the Vulnerable Software and Affected Versions: Pat Infinite Solutions HelpdeskAdvanced versions = 11.0.33. Description: The issue is related to Cross Site Scripting (XSS) via the WSCView/Save function. This allows for potential malicious script execution. No information is provided about the...
PT-2025-1453 · Pat Infinite Solutions · Helpdeskadvanced
Name of the Vulnerable Software and Affected Versions: Pat Infinite Solutions HelpdeskAdvanced versions = 11.0.33. Description: The issue is related to Directory Traversal via the WSCView/Save function. This allows for potential unauthorized access to sensitive files and directories...
CVE-2023-42230
Pat Infinite Solutions HelpdeskAdvanced = 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function...
CVE-2024-9082
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save of the component User Creation Handler. The manipulation of the argument Type with the input 1 leads to...
WordPress plugin AliExpress Dropshipping with AliNext Lite security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-35352
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. This vulnerability impacts unidentified code within the file /classes/Users.php?f=save. Manipulating the parameter middlename results in cross-site scripting...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a level3 conversion error in the swsuspsave function...
CVE-2024-1178
The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...