304 matches found
CVE-2026-35013
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...
CVE-2026-35013 Open ISES Tickets < 3.44.2 Reflected XSS via street_view.php thelat and thelng Parameters
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...
CVE-2026-35013
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...
CVE-2026-35013
Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in street_view.php. The vulnerability lets authenticated attackers inject arbitrary JavaScript by passing unsanitized values in thelat and thelng GET parameters, which get embedded into JavaScript variable assignments and executed i...
CVE-2026-35013 Open ISES Tickets < 3.44.2 Reflected XSS via street_view.php thelat and thelng Parameters
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...
EUVD-2026-31185
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in streetview.php that allows authenticated attackers to inject arbitrary JavaScript by passing unsanitized values through the thelat and thelng GET parameters directly into JavaScript variable assignments...
tickets 跨站脚本漏洞
Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting vulnerability in the streetview.php file...
EUVD-2026-28270
Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the...
CVE-2026-41659
Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the...
CVE-2026-4429 OSM <= 6.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marker_name' Shortcode Attribute
The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'markername' and 'filecolorlist' shortcode attribute of the osmmapv3 shortcode in all versions up to and including 6.1.15. This is due to insufficient input sanitization and output escaping. This mak...
Street-Legal Physical-World Adversarial Rim for License Plates
Automatic license plate reader ALPR systems are widely deployed to identify and track vehicles. While prior work has demonstrated vulnerabilities in ALPR systems, far less attention has been paid to their legality and physical-world practicality. We investigate whether low-resourced threat actors...
CVE-2026-2580
The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-25323
CVE-2026-25323 affects WordPress OSM plugin versions
WordPress plugin OSM 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2026-0563
The WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpgsvmap' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-0563
The WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpgsvmap' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-0563 WP Google Street View (with 360° virtual tour) & Google maps + Local SEO <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpgsv_map' Shortcode
The WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpgsvmap' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-0563 WP Google Street View (with 360° virtual tour) & Google maps + Local SEO <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpgsv_map' Shortcode
The WP Google Street View with 360° virtual tour & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpgsvmap' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-0563
CVE-2026-0563 affects the WordPress plugin “WP Google Street View (with 360° virtual tour) & Google maps + Local SEO” and the vulnerability is a Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the wpgsv_map shortcode. The flaw enables an attacker with at ...
WordPress plugin WP Google Street View (with 360° virtual tour) & Google maps + Local SEO 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to set up a personal blog site on a PHP and MySQL based...