133 matches found
Cross site scripting
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0...
PHPJabbers Cleaning Business Software Cross-Site Scripting Vulnerability
Cleaning Business Software is an open source cleaning business software by PHPJabbers. PHPJabbers Cleaning Business Software version 1.0 has a security vulnerability that stems from a cross-site scripting (XSS) vulnerability in the theme parameter of preview.php...
PT-2023-25448 · Phpjabbers · Phpjabbers Cleaning Business
Name of the Vulnerable Software and Affected Versions: PHPJabbers Cleaning Business Software version 1.0 Description: The issue is related to Cross Site Scripting (XSS) via the theme parameter of the "preview.php" endpoint. This allows for potential malicious script injection. No information is...
Class Scheduling System Cross-Site Scripting Vulnerability
Class Scheduling System is a class scheduling system by jkev Personal Developer. A security vulnerability exists in Class Scheduling System version 1.0 due to a cross-site scripting (XSS) vulnerability in the theme parameter of preview.php...
PT-2023-25447 · Phpjabbers · Phpjabbers Class Scheduling System
Name of the Vulnerable Software and Affected Versions: PHPJabbers Class Scheduling System version 1.0 Description: The issue is related to a Cross Site Scripting (XSS) vulnerability. This vulnerability is found in the theme parameter of the "preview.php" file. Recommendations: For PHPJabbers Class...
CVE-2023-36138
PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php...
CVE-2023-33564
There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3...
PHPJabbers Time Slots Booking Calendar Cross Site Scripting Vulnerability
PHPJabbers Time Slots Booking Calendar is a booking system from PHPJabbers. A cross-site scripting vulnerability exists in PHPJabbers Time Slots Booking Calendar v3.3, which stems from a cross-site scripting (XSS) vulnerability in the theme parameter of Preview.php...
PT-2023-24390 · Phpjabbers · Php Jabbers Time Slots Booking Calendar
Name of the Vulnerable Software and Affected Versions: PHPJabbers Time Slots Booking Calendar version 3.3 Description: The issue is related to a Cross Site Scripting (XSS) vulnerability. This vulnerability is found in the theme parameter of the "preview.php" file. Recommendations: For PHPJabbers Ti...
PT-2023-10636 · Unknown · Fuzzy Swmp
Name of the Vulnerable Software and Affected Versions: Fuzzy SWMP affected versions not specified Description: A problematic issue affects the processing of the file swmp.php in the component GET Parameter Handler. The manipulation of the theme argument leads to cross-site scripting. The attack c...
Fuzzy SWMP Cross-Site Scripting Vulnerability
SWMP is a Linux server statistics dashboard by the individual developer of Fuzzy. A cross-site scripting vulnerability exists in Fuzzy SWMP, which stems from a problem with the file swmp.php, where manipulation of the parameter theme can lead to cross-site scripting...
SUSE CVE-2006-2417
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031...
Argument Injection
froxlor/froxlor is vulnerable to argument injection. The vulnerability exists in the multiple functions in the library, allowing an attacker to inject and execute malicious HTML through the theme parameter...
Authenticated HTMLi via theme parameter on /lib/ajax.php
Description The theme parameter is vulnerable to HTMLi on /lib/ajax.php endpoint Proof of Concept - go to https://v2.demo.froxlor.org - Login with a user - Go to https://v2.demo.froxlor.org/lib/ajax.php?action=newsfeed&theme=%3C/br%3E%3Ch1%3EHTMLi%20by%20leorac%3C/h1%3E%3Cbr%3E - You'll see the...
CVE-2022-28420
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=...
Microweber Cross-Site Scripting Vulnerability
Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. A cross-site scripting vulnerability exists in versions of Microweber prior to 1.2.11. The vulnerability stems from a lack...
Mara CMS Cross-Site Scripting Vulnerability
Mara CMS is a file-based content management system. A cross-site scripting vulnerability exists in Mara CMS 7.5. The vulnerability can be exploited to conduct cross-site scripting attacks via contact.php?theme=...
CVE-2020-24223
Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters...
PT-2020-15666 · Mara · Mara Cms
Name of the Vulnerable Software and Affected Versions: Mara CMS version 7.5 Description: The issue allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. This means an attacker could potentially inject malicious scripts into the website, affecting users who visit th...