Wordpress Multiple Themes - Reflected Cross-Site Scripting

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...

CVE-2023-54349

AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when...

CVE-2023-54349

AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when...

PT-2026-37004

AmazCart CMS 3.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search functionality. Attackers can enter script tags in the search box to execute arbitrary JavaScript that fires when...

📄 CMS Sense 2.0 Cross Site Scripting

CMS Sense version 2.0 suffers from a cross site scripting vulnerability. ================================================================================================================================== | Title : CMS sense v 2.0 HTML Injection Leading to XSS via Attribute Breakout | | Author :...

CVE-2025-68942

Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...

Cross-site Scripting (XSS)

Overview qwc2-lts is a QGIS Web Client Affected versions of this package are vulnerable to Cross-site Scripting XSS via multiple components, including ServiceInfoWindow, SearchBox, LayerInfoWindow, and others. An attacker can execute arbitrary JavaScript code in the context of the user's browser ...

EUVD-2010-4995

Malware in sbrugna...

EUVD-2022-28470

Malicious code in bioql PyPI...

Hostel Management System allocate_room.php File SQL Injection Vulnerability

Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter searchbox in the file /allocateroom.php. An attacker can exploit this...

Code-Projects Hostel Management System 注入漏洞

Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter searchbox in the file /allocatedrooms.php. An attacker can use this vulnerabilit...

CVE-2025-5133

A vulnerability classified as problematic has been found in Tmall Demo up to 20250505. Affected is an unknown function of the component Search Box. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be...

CVE-2025-5133

A vulnerability classified as problematic has been found in Tmall Demo up to 20250505. Affected is an unknown function of the component Search Box. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be...

CVE-2025-5133

CVE-2025-5133 concerns Tmall Demo up to 20250505, affecting the Search Box component. The vulnerability is a cross-site scripting (XSS) issue caused by a misbehavior of an unknown function in the Search Box, enabling remote exploitation. The exploit has been publicly disclosed; no affected versio...

CVE-2025-28885 WordPress Fiverr.com Official Search Box plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in fiverraffiliates Fiverr.com Official Search Box fiverr-official-search-box allows Stored XSS.This issue affects Fiverr.com Official Search Box: from n/a through = 1.0.8...

CVE-2023-2813

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2,...

August 22, 2023—KB5029351 (OS Build 22621.2215) Preview

August 22, 2023—KB5029351 OS Build 22621.2215 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 22H2, see its update history page. Note Follow @WindowsUpdate to...

Multiple Themes - Reflected XSS

Description The themes suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link. PoC https://example.com/?s=katana/asd/...

CVE-2023-37743

A cross-site scripting XSS vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box...

CVE-2023-37743

A cross-site scripting XSS vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box...