20 matches found
CVE-2026-35015
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in do_unit_mail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the the_ticket GET parameter directly into a JavaScript variable assignment. Attacker...
CVE-2026-35015 Open ISES Tickets < 3.44.2 Reflected XSS via do_unit_mail.php the_ticket Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in do_unit_mail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the the_ticket GET parameter directly into a JavaScript variable assignment. Attacker...
CVE-2026-35015
Open ISES Tickets before 3.44.2 is vulnerable to a reflected XSS in do_unit_mail.php via the_ticket parameter. An authenticated attacker can inject arbitrary JavaScript by passing an unsanitized value into the_ticket, which is then inserted into a JavaScript variable assignment and executed when ...
PT-2026-42257
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in do_unit_mail.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the the_ticket GET parameter directly into a JavaScript variable assignment...
CVE-2026-2493
IceWarp collaboration Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling...
CVE-2023-53935
WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive database information by sending malformed request...
CVE-2023-53935 WBiz Desk 1.2 SQL Injection Vulnerability via ticket.php Parameter
WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive database information by sending malformed request...
CVE-2023-53935
Summary: CVE-2023-53935 affects WBiz Desk 1.2, where a SQL injection flaw exists in ticket.php via the non-admin-accessible tk parameter. The vulnerability enables crafted UNION-based SQL payloads that can extract sensitive data by targeting the ticket endpoint. Impact (as described): Non-admin u...
EUVD-2023-28259
Malicious code in bioql PyPI...
CampCodes Online Food Ordering System Injection Vulnerability
CampCodes Online Food Ordering System is an online food ordering system from CampCodes, Inc. An injection vulnerability exists in version 1.0 of the CampCodes Online Food Ordering System, which originates from an SQL injection caused by the operation of the ticketid parameter in the file...
Chamilo LMS Security Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo LMS version 1.11.26, which stems...
CVE-2023-31943
SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticketid parameter at ticketdetail.php...
SolarWinds Web Help Desk Cross-Site Scripting Vulnerability
SolarWinds Web Help Desk is a suite of help desk and asset management software from SolarWinds USA. The software supports centralized knowledge base, IT asset management, project and task management, and more. A cross-site scripting vulnerability exists in SolarWinds Web Help Desk 12.7.0 that...
CVE-2020-10824
A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3)...
CVE-2018-10197
There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET...
CVE-2012-1219
Multiple cross-site scripting (XSS) vulnerabilities in freelancerKit 2.35 allow remote attackers to inject arbitrary web script or HTML via the (1) ticket parameter to tickets.php, (2) title parameter to notes.php, or (3) task parameter to todo.php. NOTE: some of these details are obtained from third par...
CVE-2006-4539
(1) includes/widgets/modulecompanytickets.php and (2) includes/widgets/moduletracktickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the ticket parameter. NOTE: the...