CVE-2026-35008

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into an HTML attribute. Attackers can craft a...

CVE-2026-35008

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into an HTML attribute. Attackers can craft a...

EUVD-2026-31176

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into an HTML attribute. Attackers can craft a...

PT-2026-42250

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id GET parameter directly into an HTML attribute. Attackers can craft a...

CVE-2025-14352 Awesome Hotel Booking <= 1.0.3 - Incorrect Authorization to Unauthenticated Arbitrary Booking Modification

The Awesome Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to incorrect authorization in the room-single.php shortcode handler in all versions up to, and including, 1.0.3. This is due to the plugin relying solely on nonce verification without capability...

CVE-2025-10326

A security flaw has been discovered in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/api/playlist/single.php. Performing manipulation of the argument playlist results in os command injection. The attack can be initiated remotely. The exploit has been...

CVE-2025-10326 MiczFlor RPi-Jukebox-RFID single.php os command injection

A security flaw has been discovered in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/api/playlist/single.php. Performing manipulation of the argument playlist results in os command injection. The attack can be initiated remotely. The exploit has been...

CVE-2025-7166

A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been classified as critical. This affects an unknown part of the file /single.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVE-2022-29659

Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php...

CVE-2022-28512

A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0 . An attacker can inject query in "/fantasticblog/single.php" via the "id=5" parameters...

CVE-2020-18449

Cross Site Scripting XSS vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php...