CVE-2021-47924 WordPress Plugin Ultimate Product Catalogue 5.8.2 Stored XSS via price

Ultimate Product Catalogue 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit POST requests to post.php with HTML/JavaScript payloads in the price field to execute arbitrary...

CVE-2021-47924 WordPress Plugin Ultimate Product Catalogue 5.8.2 Stored XSS via price

Ultimate Product Catalogue 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit POST requests to post.php with HTML/JavaScript payloads in the price field to execute arbitrary...

CVE-2021-47922

Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScript payloads in the title field when creating or editing sliders, which executes in the browsers of...

CVE-2021-47907 Rocket LMS 1.1 Persistent Cross-Site Scripting via Support Tickets

Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attackers can submit support tickets with embedded HTML/JavaScript payloads that execute in the browser...

CVE-2021-47907

Rocket LMS 1.1 is affected by a persistent cross-site scripting (XSS) vulnerability in the support ticket module. The issue arises from the title parameter, allowing authenticated users to inject HTML/JavaScript payloads that can execute in the browsers of other users viewing the message history,...

CVE-2022-50966

CVE-2022-50966 affects uBidAuction 2.0.1 in the news/manage module. The vulnerability is a reflected XSS in which the filter functionality does not properly sanitize the date_created, date_from, date_to, and created_at parameters, allowing an attacker to inject malicious scripts via crafted GET r...

CVE-2022-50965 uBidAuction 2.0.1 posts manage Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...

CVE-2022-50962 uBidAuction 2.0.1 myOrders Reflected XSS

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the orders/myOrders module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET reques...

CVE-2022-50962

uBidAuction 2.0.1 is affected by a reflected XSS in the orders/myOrders module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject and execute malicious scripts via crafted GET requests in vic...

CVE-2022-50958 WordPress Plugin Jetpack 9.1 Cross Site Scripting via grunion-form-view.php

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...

CVE-2022-50958

WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the postid parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the postid parameter ...

CVE-2022-50957 Drupal avatar_uploader 7.x-1.0-beta8 Reflected XSS

Drupal avataruploader 7.x-1.0-beta8 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the file parameter. Attackers can craft URLs with script payloads in the file parameter of avataruploader.pages.inc to...

CVE-2022-50956 WordPress Plugin amministrazione-aperta 3.7.3 Local File Read

WordPress Plugin amministrazione-aperta 3.7.3 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in the open parameter. Attackers can supply file paths through the open GET parameter in dispatcher.php ...

EUVD-2026-28988

A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is...

CVE-2026-8235

The CVE-2026-8235 entry concerns 8421bit MiniClaw versions 0.8.0/0.9.0. The vulnerability is in the System Command Handler’s kernel.ts (resolveSkillScriptPath) where input manipulation enables OS command injection. CVSS metrics indicate Medium severity with ADJACENT attack vector and low privileg...

CVE-2026-8235

A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is...

CVE-2026-8235 8421bit MiniClaw System kernel.ts resolveSkillScriptPath os command injection

A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulation results in os command injection. The exploit is now public and may be used. The patch is...

CVE-2026-8230

A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function syslogin1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. Th...

CVE-2026-8228

A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlanconf/Channel/skiplist/ieee80211h leads to os command injection. The attack may be launched remotely. The exploit has been...

CVE-2026-8227

CVE-2026-8227 affects Wavlink NU516U1 240425. The vulnerability is in the function wzdapMesh of the file /cgi-bin/adm.cgi, enabling an OS command injection. It may be exploited remotely, with exploits publicly available. Multiple sources (NVD, Red Hat, EUVD/ENISA, CIRCL, CVE records) corroborate ...