Lucene search
K

161 matches found

cvelist
cvelist
added 2026/01/20 2:49 p.m.21 views

CVE-2025-58087

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS0.0024EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/01/20 2:49 p.m.3 views

CVE-2025-58087

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.6AI score0.0024EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/01/20 12:0 a.m.13 views

PT-2026-3611

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

6.1CVSS5.6AI score0.0024EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/01/20 12:0 a.m.7 views

MedDream PACS Premium Cross-site Scripting Vulnerability

MedDream PACS Premium is an enterprise-level image storage and management server suite developed by MedDream Corporation. Version 7.3.6.870 of MedDream PACS Premium contains a cross-site scripting vulnerability. This vulnerability stems from the status parameter in the config.php function, which...

6.1CVSS5.8AI score0.0024EPSS
Exploits1References2
cvelist
cvelist
added 2026/01/14 6:28 p.m.20 views

CVE-2025-71165 Typesetter CMS Reflected XSS via Status.php

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...

4.8CVSS0.00194EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/01/09 9:16 a.m.20 views

CVE-2025-40695

Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of propper validation of user inputs 'remark', 'status' and 'takeaction' parameters via POST at the endpoint '/ofrs/admin/request-details.php'. This...

5.4CVSS5.5AI score0.00193EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 8:58 a.m.11 views

CVE-2023-45334

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database...

9.8CVSS8.3AI score0.007EPSS
Exploits1References1
euvd
euvd
added 2025/12/20 3:32 p.m.8 views

EUVD-2025-204640

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'csupdateapplicationstatuscallback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers,...

7.6CVSS4.7AI score0.00189EPSS
Exploits0References3
nvd
nvd
added 2025/12/20 2:16 p.m.9 views

CVE-2025-7782

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'csupdateapplicationstatuscallback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers,...

7.6CVSS0.00189EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/12/20 1:47 p.m.6 views

CVE-2025-7782 WP JobHunt <= 7.7 - Missing Authorization to Authenticated (Candidate+) Stored Cross-Site Scripting via 'status'

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'csupdateapplicationstatuscallback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers,...

7.6CVSS4.8AI score0.00189EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/11/25 7:28 a.m.7 views

CVE-2025-13385 Bookme <= 4.2 - Authenticated (Admin+) SQL Injection via 'filter[status]' Parameter

The Bookme – Free Online Appointment Booking and Scheduling Plugin for WordPress is vulnerable to time-based SQL Injection via the filterstatus parameter in all versions up to, and including, 4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

4.9CVSS6.2AI score0.0026EPSS
Exploits0References3
cve
cve
added 2025/11/25 7:28 a.m.21 views

CVE-2025-13385

CVE-2025-13385 affects the WordPress plugin Bookme – Free Online Appointment Booking and Scheduling System (versions up to 4.2). The vulnerability is a time-based SQL Injection arising from insufficient escaping of the filter[status] parameter in the affected SQL query, enabling an authenticated ...

4.9CVSS6.2AI score0.0026EPSS
Exploits0References3
patchstack
patchstack
added 2025/11/24 11:50 p.m.6 views

WordPress Bookme plugin <= 4.2 - Authenticated (Admin+) SQL Injection via 'filter[status]' Parameter vulnerability

Authenticated Admin+ SQL Injection via 'filterstatus' Parameter vulnerability discovered by Sopon Tangpathum SoNaJaa - freelance in WordPress Plugin Bookme – Free Online Appointment Booking and Scheduling Plugin versions = 4.2...

4.9CVSS8.1AI score0.0026EPSS
Exploits0References1Affected Software1
osv
osv
added 2025/10/11 2:15 p.m.3 views

CVE-2025-11604

A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

9.8CVSS5.7AI score0.00387EPSS
Exploits1References4
nvd
nvd
added 2025/10/11 2:15 p.m.4 views

CVE-2025-11604

A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

9.8CVSS0.00387EPSS
Exploits1References4
cve
cve
added 2025/10/11 2:2 p.m.15 views

CVE-2025-11604

CVE-2025-11604 affects ProjectWorlds Online Ordering Food System 1.0. The vulnerability arises from improper handling of the Status parameter in /all-orders.php, allowing an SQL injection via remote exploitation. Public exploit disclosed. Multiple sources (NVD, Red Hat, EUVD, CNNVD, CVE listing) ...

9.8CVSS6.6AI score0.00387EPSS
Exploits1References4Affected Software1
vulnrichment
vulnrichment
added 2025/10/11 2:2 p.m.2 views

CVE-2025-11604 projectworlds Online Ordering Food System all-orders.php sql injection

A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

7.5CVSS6.6AI score0.00387EPSS
Exploits1References4
cnnvd
cnnvd
added 2025/10/11 12:0 a.m.4 views

Projectworlds Online Ordering Food System SQL注入漏洞

Projectworlds Online Ordering Food System is an online ordering food system from Projectworlds. A SQL injection vulnerability exists in Projectworlds Online Ordering Food System version 1.0, which stems from an incorrect manipulation of the parameter Status in the file /all-orders.php, which coul...

9.8CVSS7.8AI score0.00387EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2025/10/11 12:0 a.m.5 views

PT-2025-41690

Name of the Vulnerable Software and Affected Versions ProjectWorlds Online Ordering Food System version 1.0 Description A SQL injection issue exists due to improper processing of the Status argument in the /all-orders.php file. Remote exploitation is possible. The exploit has been publicly...

7.5CVSS7.5AI score0.00387EPSS
Exploits1References9
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-11819

Malware in sbrugna...

6.1CVSS6.1AI score0.00907EPSS
Exploits2References2
Rows per page
Query Builder