18 matches found
CVE-2025-67342
RuoYi versions 4.8.1 and earlier are affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu modification permissions ca...
CVE-2025-67342
RuoYi versions 4.8.1 and earlier are affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all users, any user with menu modification permissions ca...
CVE-2025-67342
CVE-2025-67342 affects Ruoyi (RuoYi) 4.8.1 and earlier, with a stored XSS in the /system/menu/edit endpoint where the XSS filter can be bypassed. Because the menu is shared across all users, any user with menu modification permissions can impact all users. Affected component: /system/menu/edit; r...
Ruoyi Security Vulnerability
Ruoyi is a backend management system by Ruoyi's individual developers. A security vulnerability exists in Ruoyi 4.8.1 and earlier versions, which stems from a bypassable stored cross-site scripting vulnerability in the /system/menu/edit endpoint that could affect all users...
CVE-2023-1594
A vulnerability, which was classified as critical, was found in novel-plus 3.6.2. Affected is the function MenuService of the file sys/menu/list. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...
CVE-2022-38285
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list...
PHPJabbers Event Booking Calendar 4.0 Cross Site Scripting / HTML Injection
Exploit Title: PHPJabbers Event Booking Calendar v4.0 - Multiple Stored XSS Date: 19/12/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/event-booking-calendar/sectionDemo Version: v4.0 Tested o...
PHPJabbers Time Slots Booking Calendar 4.0 HTML Injection
Exploit Title: PHPJabbers Time Slots Booking Calendar v4.0 - HTML Injection Date: 13/11/2023 Exploit Author: BugsBD Limited Discover by: Rahad Chowdhury Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/time-slots-booking-calendar/ Version: v4.0 Tested on:...
CVE-2023-41443
SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list...
PT-2023-27946 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus version 4.1.0 Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in the "/sys/menu/list" API endpoint. This enables the attacker to inject malicious SQL code,...
Novel-Plus SQL Injection Vulnerability
Novel-Plus is an online social reading and writing platform from Novel-Plus, Inc. A security vulnerability in Novel-Plus version v.4.1.0 allows remote attackers to use a crafted script to execute arbitrary code via the sort parameter in...
novel-plus SQL Injection Vulnerability
novel-plus is a full-featured original literature CMS system with multi-end (PC, WAP) reading. A SQL injection vulnerability exists in novel-plus version 3.6.2, which originates from a security issue in the function MenuService in the file sys/menu/list and leads to an SQL injection via the...
CVE-2022-38285
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list...
CVE-2022-38285
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list...
CVE-2022-38285
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list...
SQL injection
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list...
CVE-2022-38285
JFinal CMS 5.1.0 is vulnerable to SQL Injection via /system/menu/list...
JFinal SQL Injection Vulnerability
JFinal is a Java-based WEB + ORM open source framework. JFinal CMS version 5.1.0 has a security vulnerability that stems from SQL injection in /system/menu/list...