Lucene search

669 matches found

OSV
added 2024/03/13 2:15 p.m. · 1 views

CVE-2024-1508

The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings'titletags'' attribute of the Mercury widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible f...

5.4 CVSS · 5.9 AI score
Exploits 0 · References 2

CNNVD
added 2024/02/29 12:0 a.m. · 2 views

WordPress Plugin EmbedPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

6.4 CVSS · 6.1 AI score · 0.00693 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/02/28 12:0 a.m. · 2 views

PT-2024-21396 · Openemr · Openemr

Name of the Vulnerable Software and Affected Versions: open-emr versions prior to 7.0.2. Description: An issue in open-emr allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq form.php component. Recommendations: For versions prior to 7.0.2, upda...

3.5 CVSS · 4 AI score · 0.0008 EPSS
Exploits 1 · References 10

OSV
added 2024/02/14 9:15 a.m. · 2 views

CVE-2023-48987

Blind SQL Injection vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the pages.php component...

7.5 CVSS · 6.1 AI score · 0.00517 EPSS
Exploits 0 · References 1

OSV
added 2024/02/14 9:15 a.m. · 1 views

CVE-2023-48986

Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the users.php component...

6.1 CVSS · 6 AI score · 0.00268 EPSS
Exploits 0 · References 1

OSV
added 2024/02/14 9:15 a.m. · 2 views

CVE-2023-48985

Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the login.php component...

6.1 CVSS · 6 AI score
Exploits 0 · References 1

CNNVD
added 2024/02/09 12:0 a.m. · 2 views

Simple School Managment System SQL Injection Vulnerability

Simple School Managment System is an open-source simple school management system from Code-projects. Simple School Managment System version 1.0 has an SQL injection vulnerability that stems from the application's lack of validation of externally supplied SQL statements; an attacker can exploit the...

8.8 CVSS · 8 AI score · 0.00157 EPSS
Exploits 1 · References 2

CNNVD
added 2024/01/29 12:0 a.m. · 2 views

TOTOLINK N200RE Security Vulnerability

The TOTOLINK N200RE is a wireless router for the SOHO market. The TOTOLINK N200RE suffers from a buffer overflow vulnerability that originates from a stack-based buffer overflow in the main function of //cgi-bin/cstecgi.cgi. No further vulnerability details are provided at this time...

9.8 CVSS · 7.3 AI score · 0.00111 EPSS
Exploits 1 · References 4

OSV
added 2024/01/08 2:15 a.m. · 4 views

CVE-2024-0292

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to OS command injection. It is possible to launch the attack remotely. The explo...

9.8 CVSS · 5.5 AI score · 0.01513 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/12/28 12:0 a.m. · 3 views

PT-2023-29426 · Unknown · Online Examination System

Name of the Vulnerable Software and Affected Versions: Online Examination System version 1.0. Description: The issue concerns an Authenticated SQL Injection vulnerability. Specifically, the wrong parameter of the "update.php" endpoint does not validate the characters received and they are sent...

8 AI score
Exploits 0 · References 3

OSV
added 2023/12/21 9:15 p.m. · 2 views

CVE-2023-48687

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8 CVSS · 5.8 AI score · 0.00153 EPSS
Exploits 1 · References 2

OSV
added 2023/12/15 11:15 a.m. · 1 views

CVE-2023-48553

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 1

OSV
added 2023/12/15 11:15 a.m. · 3 views

CVE-2023-47064

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4 CVSS · 5.8 AI score · 0.00437 EPSS
Exploits 0 · References 1

CNNVD
added 2023/12/13 12:0 a.m. · 2 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS · 6.7 AI score · 0.00391 EPSS
Exploits 0 · References 3

OSV
added 2023/11/13 4:15 a.m. · 2 views

CVE-2023-47516

Cross-Site Request Forgery (CSRF) vulnerability in Stark Digital Category Post List Widget allows Stored XSS. This issue affects Category Post List Widget: from n/a through 2.0...

6.1 CVSS · 7.3 AI score · 0.00064 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2023/10/27 9:15 p.m. · 0 views

CVE-2023-46510

An issue in ZIONCOM Hong Kong Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function...

9.8 CVSS · 6.1 AI score · 0.00121 EPSS
Exploits 0 · References 2

CNNVD
added 2023/10/20 12:0 a.m. · 1 views

Tongda OA 2017 SQL Injection Vulnerability

Tongda2000 is a web-based intelligent office system from the Chinese company Tongda. A security vulnerability exists in Tongda OA 2017 in an unknown part of the file general/hr/training/record/delete.php, which leads to SQL injection via the parameter RECORDI...

9.8 CVSS · 7.4 AI score · 0.00134 EPSS
Exploits 1 · References 4

BDU FSTEC
added 2023/10/03 12:0 a.m. · 1 views

The vulnerability in the /sysmanage/updateos.php script of the D-Link DAR-7000 router’s firmware allows an attacker to execute arbitrary commands.

The vulnerability in the /sysmanage/updateos.php script of the D-Link DAR-7000 router’s firmware is related to the unrestricted upload of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

6.5 CVSS · 7.2 AI score · 0.01137 EPSS
Exploits 1 · References 4 · Affected Software 1

OSV
added 2023/09/29 12:15 p.m. · 3 views

CVE-2023-5261

A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/stafftitleevaluation/delete.php. The manipulation of the argument EVALUATIONID leads to SQL injection. The exploit has been disclosed to the public and may...

9.8 CVSS · 5.5 AI score
Exploits 0 · References 3

BDU FSTEC
added 2023/09/25 12:0 a.m. · 1 views

The vulnerability in the Nagios XI monitoring tool’s nagiosxi/admin/banner_message-ajaxhelper.php script allows an attacker to disclose protected information.

The vulnerability in the nagiosxi/admin/banner_message-ajaxhelper.php script of Nagios XI relates to the failure to protect the SQL query structure during the processing of the ID parameter. Exploiting this vulnerability can allow an attacker to disclose sensitive information...

6.8 CVSS · 6.9 AI score · 0.84148 EPSS
Exploits 2 · References 4 · Affected Software 1