18 matches found
CVE-2026-41466
ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText function within Security.php that fails to properly sanitize user input by only detecting specific patterns while returning unsanitized strings without output encoding. Attackers ca...
CVE-2026-41466
ProjeQtor is affected by a stored XSS in checkValidHtmlText() within Security.php, across versions 7.0 through 12.4.3. The vulnerability arises from inadequate sanitization (only pattern-based checks) and lack of output encoding, allowing attackers to inject payloads that are stored and executed ...
CVE-2026-41466 ProjeQtor < 12.4.4 Stored XSS via checkValidHtmlText()
ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText function within Security.php that fails to properly sanitize user input by only detecting specific patterns while returning unsanitized strings without output encoding. Attackers ca...
CVE-2023-49034
Cross Site Scripting XSS vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to the checkvalidHtmlText function in the ack.php and security.php files...
CVE-2024-31634
Cross Site Scripting XSS vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library...
CVE-2024-31634
Cross Site Scripting XSS vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library...
CVE-2024-31634
Cross Site Scripting XSS vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library...
CVE-2024-31634
Cross Site Scripting XSS vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library...
CVE-2024-31634
Cross Site Scripting XSS vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library...
CVE-2024-31634
CVE-2024-31634 is a reported XSS in Xunruicms 4.6.3 and earlier, enabling a remote attacker to execute arbitrary code via the Security.php file located in the catalog \XunRuiCMS\dayrui\Fcms\Library. The Red Hat/NVD entries corroborate the same description. Affected component: Security.php in Xunr...
PT-2024-24170 · Xunruicms · Xunruicms
Name of the Vulnerable Software and Affected Versions: Xunruicms versions 4.6.3 and before Description: A Cross Site Scripting XSS issue allows a remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library. This enables the attacker to perform...
PT-2024-13669 · Projeqtor · Projeqtor
Name of the Vulnerable Software and Affected Versions: ProjeQtOr version 11.0.2 Description: A Cross Site Scripting XSS issue allows a remote attacker to execute arbitrary code via a crafted script to the checkvalidHtmlText function in the ack.php and security.php files. This enables the attacker...
Projeqtor Cross-Site Scripting Vulnerability
Projeqtor is a PHP-based open source project management software from the Projeqtor community. The software is used to organize various functions required for multiple projects and is suitable for IT projects. A cross-site scripting vulnerability exists in Projeqtor version 11.0.2, which originat...
CVE-2023-49034
Cross Site Scripting XSS vulnerability in ProjeQtOr 11.0.2 allows a remote attacker to execute arbitrary code via a crafted script to the checkvalidHtmlText function in the ack.php and security.php files...
Joomla Incapsula 1.4.6_b Cross Site Scripting Vulnerability
Joomla Incapsula component versions 1.4.6b and below suffer from a reflective cross site scripting vulnerability. Joomla Incapsula Component target="blank" class="IFJlink" Click here to upgrade your account Patch: ------ 22: " target="blank" class="IFJlink"Click here to upgrade your account...
Joomla Incapsula 1.4.6_b Cross Site Scripting
Joomla Incapsula Component target="blank" class="IFJlink" Click here to upgrade your account Patch: ------ 22: " target="blank" class="IFJlink"Click here to upgrade your account -------------------------------------------------------------------------- Tested on: Microsoft Windows 7 Ul...
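Geeklog SEC_authenticate() Function SQL Injection Vulnerability
BUGTRAQ ID: 34456 Geeklog is a free, open-source web application. It lets users create a virtual community, manage users, post articles, and so on. Geeklog is implemented in PHP and uses MySQL as its back-end database. The SEC_authenticate function in Geeklog's index.php module does not properly validate the user-supplied PHPAUTHUSER and REMOTEUSER variable parameters, so a remote attacker can carry out an SQL injection attack by submitting a malicious query request. The following is the vulnerable code segment at lines 34-53 of the /publichtml/webservices/atom/index.php file: ... requireonce...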
Geeklog <= 1.5.2 SEC_authenticate() SQL Injection Exploit
Exploit for unknown platform in category web applications ========================================================= Geeklog = 5.0 google dorks: "By Geeklog" "Created this page in" +seconds +powered "By Geeklog" "Created this page in" +seconds +powered inurl:publichtml vulnerability, see...