669 matches found
CVE-2023-5030
A vulnerability has been found in Tongda OA up to 11.10 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/plan/delete.php. The manipulation of the argument PLANID leads to sql injection. The exploit has been disclosed to the public and may be used...
Earcms Code Issue Vulnerability
Earcms is a content management system from Earcms open source. A code issue vulnerability exists in Earcms App version v.20181124, which stems from allowing remote attackers to execute arbitrary code via uload/index-uplog.php...
Availability Booking Calendar PHP Cross Site Scripting Vulnerability
Availability Booking Calendar PHP is a GZ Scripts open source availability booking calendar system. A cross-site scripting vulnerability exists in Availability Booking Calendar PHP version 5.0, which stems from the parameter sessionid in the file /index.php that causes cross-site scripting...
Lawyer Cross-Site Scripting Vulnerability
Lawyer is a legal and lawyer website by the phpscriptpoint team. A cross-site scripting vulnerability exists in phpscriptpoint Lawyer version 1.6, which stems from the presence of some unknown functions in search.php that lead to cross-site scripting...
CVE-2023-36146
A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733...
Pluck Cross-Site Scripting Vulnerability
Pluck is a content management system (CMS) developed using the PHP language. A security vulnerability exists in Pluck CMS versions 4.7.15 through 4.7.16-dev4, which originates from a cross-site scripting (XSS) vulnerability in file /admin.php. An attacker can exploit the vulnerability by uploading a...
CVE-2023-25730
A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
CVE-2023-25781
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin = 1.1 versions...
CVE-2023-21515
CVE-2023-21515 concerns Samsung Galaxy Store InstantPlay prior to version 4.5.49.8, where a vulnerable script could execute JavaScript to install APKs from Galaxy Store. The issue arises from InstantPlay containing a script that enables the JavaScript API to initiate APK installation. Impact desc...
Online Jewelry Store Cross-Site Scripting Vulnerability
Online Jewelry Store is an online jewelry store by janobe, an individual developer. A cross-site scripting vulnerability exists in SourceCodester Online Jewelry Store version 1.0, which stems from a problem in the customer.php file and can be exploited by an attacker to conduct a cross-site scripti...
CVE-2023-23785
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCult Exquisite PayPal Donation plugin = v2.0.0 versions...
Nokia OneNDS 20.9 Insecure Permissions / Privilege Escalation
title: Incorrect Permission Assignment; product: Nokia OneNDS 20.9; vulnerability type: Security Misconfiguration; severity: High; CVSS Score: 7.8; CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; found on:...
Online Computer and Laptop Store Cross-Site Scripting Vulnerability (CNVD-2023-29382)
Online Computer and Laptop Store is an online computer and laptop store by Carlo Montero, an individual developer. A cross-site scripting vulnerability exists in Online Computer and Laptop Store v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the Brand...
The vulnerability in the sso.php script of NETGEAR CAX30 and CAX30S router firmware allows an attacker to execute arbitrary code.
The vulnerability of the sso.php script in NETGEAR CAX30 and CAX30S router firmware lies in the ability to execute commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the context of the root user...
Online Pizza Ordering System Cross-Site Scripting Vulnerability
Online Pizza Ordering System is an online pizza ordering system by Carlo Montero, an individual developer. A security vulnerability exists in Online Pizza Ordering System version 1.0, which originates from a cross-site scripting (XSS) vulnerability in /php-opos/signup.php, which can be exploited by an...
The vulnerability of the signup.php script in the Dental Clinic Appointment Reservation System allows attackers to perform cross-site scripting attacks.
The vulnerability in the signup.php script of the Dental Clinic Appointment Reservation System relates to insufficient protection of the website’s structure when processing the firstname parameter. Exploiting this vulnerability allows an attacker to perform cross-site scripting attacks remotely...
K47662005: BIG-IP Net HSM script vulnerability CVE-2022-28859
When installing Net HSM, the scripts nethsm-safenet-install.sh and nethsm-thales-install.sh expose the Net HSM partition password (CVE-2022-28859). Impact: This vulnerability may allow an authenticated attacker with network access to the Net HSM to use or delete private keys by accessing a...
PT-2023-14530 · WordPress · Simple Membership
Name of the Vulnerable Software and Affected Versions: Simple Membership WordPress plugin versions prior to 4.2.2. Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admin...
PT-2023-10147 · Unknown · Pointhi Searx Stats
Name of the Vulnerable Software and Affected Versions: pointhi searx stats (affected versions not specified). Description: A critical issue has been found in pointhi searx stats, affecting some unknown processing of the file cgi/cron.php, leading to SQL injection. Recommendations: Apply a patch to f...
PT-2023-12766 · Nokia · Asik Airscale
Name of the Vulnerable Software and Affected Versions: Nokia ASIK AirScale system module versions 474021A.101 through 474021A.102. Description: A vulnerability exists in Nokia’s ASIK AirScale system module that could allow an attacker to place a script on the file system accessible from Linux. A...