27 matches found
CVE-2026-5109 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Product Option
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted...
CVE-2024-41943
I, Librarian is an open-source version of a PDF managing SaaS. PDF notes are displayed on the Item Summary page without any form of validation or sanitation. An attacker can exploit this vulnerability by inserting a payload in the PDF notes that contains malicious code or script. This code will...
CVE-2025-4712
A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/accountsummary.php. The manipulation of the argument cid leads to sql injection. The attack can be initiated remotely. The exploit has...
CampCodes Sales and Inventory System 注入漏洞
CampCodes Sales and Inventory System is a sales and inventory system from CampCodes, Inc. An injection vulnerability exists in CampCodes Sales and Inventory System version 1.0, which stems from SQL injection due to incorrect manipulation of the parameter cid in the file /pages/accountsummary.php...
Online Shoe Store summary.php File SQL Injection Vulnerability
Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from the lack of validation of the tid parameter in the /summary.php page against externally entered SQL statements. The vulnerability can be exploited by an attacker to...
code-projects Online Shoe Store 注入漏洞
Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from the lack of validation of the tid parameter in the /summary.php page against externally entered SQL statements. The vulnerability can be exploited by an attacker to...
PT-2024-29651 · I · I
Name of the Vulnerable Software and Affected Versions: I, Librarian versions prior to 5.11.1 Description: The issue arises from the lack of validation or sanitation of PDF notes displayed on the Item Summary page. An attacker can exploit this by inserting a malicious payload into the PDF notes,...
i-librarian 跨站脚本漏洞
i-librarian is an online service from Martin Kucej Personal Developer that will organize your PDF files and office document collections. A cross-site scripting vulnerability exists in i-librarian versions prior to 5.11.1, which stems from PDF notes being displayed without any form of validation o...
CVE-2022-46686
Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to set or change these...
GHSA-9XMX-RJ7J-FV9Q Firefly III vulnerable to stored XSS
Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tagnumber$ tag summary page. NOTE: It is asserted that an attacker must have the same acce...
Firefly III vulnerable to stored XSS
Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tagnumber$ tag summary page. NOTE: It is asserted that an attacker must have the same acce...
Online Shopping Alphaware 1.0 Insecure Direct Object Reference
Exploit Title: Online Shopping Alphaware 1.0 - 'Summary' Insecure Direct Object Reference Authenticated Date: 2020-8-4 Exploit Author: Edo Maland Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...
Cross-site Scripting (XSS)
grumpydictator/firefly-iii is vulnerable to cross-site scripting XSS. The attack is possible because it does not escape the user provided data in budget name, allowing an attacker to inject malicious script in a transaction to get executed on the tags/show/$tagnumber$ tag summary page...
CVE-2019-13644
Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tagnumber$ tag summary page. NOTE: It is asserted that an attacker must have the same acce...
Design/Logic Flaw
DISPUTED Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tagnumber$ tag summary page. NOTE: It is asserted that an attacker must have the...
CVE-2019-13644
Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tagnumber$ tag summary page. NOTE: It is asserted that an attacker must have the same acce...
PT-2019-13459 · Firefly Iii · Firefly-Iii
Name of the Vulnerable Software and Affected Versions: Firefly III versions prior to 4.7.17.1 Description: The issue is related to stored XSS due to the lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction and is executed on the...
divecomputertraining.com XSS vulnerability
Vulnerable URL: http://www.divecomputertraining.com/diveComputersSummary.php?type=dive=both==all=wrist=all=digital=1"...
Out-of-band release for Security Bulletin MS14-068
On Tuesday, November 18, 2014, at approximately 10 a.m. PST, we will release an out-of-band security update to address a vulnerability in Windows. We strongly encourage customers to apply this update as soon as possible, following the directions in the security bulletin. More information about th...
Mantis 1.2.x < 1.2.3 Cross-Site Scripting Vulnerability
Binary data 5676.prm...