161 matches found
CVE-2025-58087
Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...
CVE-2025-58087
Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...
PT-2026-3611
Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...
MedDream PACS Premium Cross-site Scripting Vulnerability
MedDream PACS Premium is an enterprise-level image storage and management server suite developed by MedDream Corporation. Version 7.3.6.870 of MedDream PACS Premium contains a cross-site scripting vulnerability. This vulnerability stems from the status parameter in the config.php function, which...
CVE-2025-71165 Typesetter CMS Reflected XSS via Status.php
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php...
CVE-2025-40695
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a stored authenticated XSS due to the lack of propper validation of user inputs 'remark', 'status' and 'takeaction' parameters via POST at the endpoint '/ofrs/admin/request-details.php'. This...
CVE-2023-45334
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database...
EUVD-2025-204640
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'csupdateapplicationstatuscallback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers,...
CVE-2025-7782
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'csupdateapplicationstatuscallback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers,...
CVE-2025-7782 WP JobHunt <= 7.7 - Missing Authorization to Authenticated (Candidate+) Stored Cross-Site Scripting via 'status'
The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to unauthorized modification of data due to a missing capability check on the 'csupdateapplicationstatuscallback' function in all versions up to, and including, 7.7. This makes it possible for authenticated attackers,...
CVE-2025-13385 Bookme <= 4.2 - Authenticated (Admin+) SQL Injection via 'filter[status]' Parameter
The Bookme – Free Online Appointment Booking and Scheduling Plugin for WordPress is vulnerable to time-based SQL Injection via the filterstatus parameter in all versions up to, and including, 4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2025-13385
CVE-2025-13385 affects the WordPress plugin Bookme – Free Online Appointment Booking and Scheduling System (versions up to 4.2). The vulnerability is a time-based SQL Injection arising from insufficient escaping of the filter[status] parameter in the affected SQL query, enabling an authenticated ...
WordPress Bookme plugin <= 4.2 - Authenticated (Admin+) SQL Injection via 'filter[status]' Parameter vulnerability
Authenticated Admin+ SQL Injection via 'filterstatus' Parameter vulnerability discovered by Sopon Tangpathum SoNaJaa - freelance in WordPress Plugin Bookme – Free Online Appointment Booking and Scheduling Plugin versions = 4.2...
CVE-2025-11604
A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...
CVE-2025-11604
A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...
CVE-2025-11604
CVE-2025-11604 affects ProjectWorlds Online Ordering Food System 1.0. The vulnerability arises from improper handling of the Status parameter in /all-orders.php, allowing an SQL injection via remote exploitation. Public exploit disclosed. Multiple sources (NVD, Red Hat, EUVD, CNNVD, CVE listing) ...
CVE-2025-11604 projectworlds Online Ordering Food System all-orders.php sql injection
A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...
Projectworlds Online Ordering Food System SQL注入漏洞
Projectworlds Online Ordering Food System is an online ordering food system from Projectworlds. A SQL injection vulnerability exists in Projectworlds Online Ordering Food System version 1.0, which stems from an incorrect manipulation of the parameter Status in the file /all-orders.php, which coul...
PT-2025-41690
Name of the Vulnerable Software and Affected Versions ProjectWorlds Online Ordering Food System version 1.0 Description A SQL injection issue exists due to improper processing of the Status argument in the /all-orders.php file. Remote exploitation is possible. The exploit has been publicly...
EUVD-2021-11819
Malware in sbrugna...