
10 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-2376

Malicious code in bioql PyPI...

7.5 CVSS · 7.6 AI score · 0.00607 EPSS
Exploits: 0 · References: 8
Positive Technologies
added 2025/01/01 12:0 a.m. · 2 views

PT-2025-42561

Name of the Vulnerable Software and Affected Versions: mediawiki (affected versions not specified). Description: The software contains a flaw related to the escaping of the submit button label for Codex-based HTML forms. This could potentially lead to issues with how the submit button is displayed or...

6.3 AI score · 0.00006 EPSS
Exploits: 0 · References: 8
Packet Storm
added 2024/09/17 12:0 a.m. · 228 views

Online Notice Board System 1.0 Arbitrary File Upload

Title: Online Notice Board System project 1.0 Remote File Upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser : Mozil...

7.4 AI score
Exploits: 0
wpexploit
added 2022/07/04 12:0 a.m. · 120 views

Name Directory < 1.25.3 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well alert/XSS/" /...

6.1 CVSS · 6.1 AI score · 0.0021 EPSS
Exploits: 2
OSV
added 2022/04/26 7:15 p.m. · 1 views

CVE-2022-27854

Stored Cross-Site Scripting XSS vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin = 0.21.19 on WordPress possible for users with contributor or higher role via &wpttestpagesubmitbuttoncaption parameter...

5.4 CVSS · 5.8 AI score
Exploits: 0 · References: 2
Positive Technologies
added 2022/04/26 12:0 a.m. · 3 views

PT-2022-18643 · Unknown · Alexander Ustimenko's Psychological Tests & Quizzes Plugin

Name of the Vulnerable Software and Affected Versions: Alexander Ustimenko's Psychological tests & quizzes plugin versions = 0.21.19 Description: The issue is a Stored Cross-Site Scripting XSS vulnerability. It affects users with a contributor or higher role. The vulnerability can be exploited vi...

5.4 CVSS · 5.2 AI score · 0.0018 EPSS
Exploits: 0 · References: 5
CNVD
added 2016/03/29 12:0 a.m. · 2 views

Drupal Core Forms Interface Ignores Submit Button Access Restriction Vulnerability

Drupal is a free and open source content management system developed in PHP. An access bypass vulnerability exists in Drupal Core. Allowing input submission, e.g. using JavaScript, of form button elements that the user should not have access to because the buttons are blocked by server-side form...

7.5 CVSS · 6.9 AI score · 0.00607 EPSS
Exploits: 0 · References: 1
0day.today
added 2012/03/25 12:0 a.m. · 17 views

PHP Form & Survey Creator CSRF Vulnerability

Exploit for php platform in category web applications Exploit Title: PHP Form & Survey Creator CSRF Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/viewscript/php-form-survey-creator/29396/ Category:: webapps Demo : http://web.alumnionline.org/phpScripts/PHPFormCreator/admin/...

7.1 AI score
Exploits: 0
Packet Storm
added 2012/03/11 12:0 a.m. · 18 views

Ad Manager Pro Cross Site Request Forgery

Exploit Title: Ad Manager Pro CSRF Vuln add admin Author: Jonturk75 Vendor of Software Link: http://www.scripts.com/viewscript/php-text-ad-management/20881/ Category:: webapps Demo site: http://www.scripts-demo.com/admanagerpro/administration/index.php...

0.6 AI score
Exploits: 0
FreeBSD
added 2011/01/04 12:0 a.m. · 12 views

mediawiki -- Clickjacking vulnerabilities

Clickjacking vulnerabilities: Clickjacking is a type of vulnerability discovered in 2008, which is similar to CSRF. The attack involves displaying the target webpage in an iframe embedded in a malicious website. Using CSS, the submit button of the form on the target webpage is made invisible, and...

2.7 AI score
Exploits: 0 · References: 1