229 matches found
GHSA-5H47-9RM5-FX3F Evolution CMS Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the uid parameter...
CVE-2023-43341
Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the uid parameter...
CVE-2023-43341
CVE-2023-43341 affects Evolution CMS – Evolution evo 3.2.3. The connected documents describe a Cross-Site Scripting (XSS) vulnerability where a crafted payload injected into the uid parameter allows a local attacker to execute arbitrary code on the affected system. The issue is consistently repor...
PT-2023-30447 · Ibos Oa · Ibos Oa
Name of the Vulnerable Software and Affected Versions: IBOS OA version 4.5.5 Description: A critical issue affects the processing of the file at the endpoint "?r=dashboard/user/export&uid=uid", leading to SQL injection. The attack can be initiated remotely. Recommendations: For IBOS OA version...
CVE-2023-2089
A vulnerability was found in SourceCodester Complaint Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/userprofile.php of the component GET Parameter Handler. The manipulation of the argument uid leads to sql injection. The attack...
SourceCodester Complaint Management System SQL Injection Vulnerability
Complaint Management System is a complaint management system by the individual developer Arvin Arandilla. A SQL injection vulnerability exists in SourceCodester Complaint Management System version 1.0, which stems from a problem in the file /admin/userprofile.php, where manipulation of the...
PT-2023-17689 · Sourcecodester · Sourcecodester Complaint Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Complaint Management System version 1.0 Description: A critical issue affects the processing of the file /admin/userprofile.php, specifically the component GET Parameter Handler. The manipulation of the uid argument leads to SQ...
Design/Logic Flaw
IBM Rational Asset Manager 7.5 could allow a remote attacker to bypass security restrictions. An attacker could exploit this vulnerability using the UID parameter to modify another user's preferences...
PT-2025-45364
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.12.6 Description: SuiteCRM’s export functionality has a SQL injection issue due to a failure to sanitize SQL query structure when processing the uid parameter. Successful exploitation could allow a remote,...
showdoc uid Parameter SQL Injection Vulnerability
showdoc is a great open source tool for IT teams to share documents online. A SQL injection vulnerability exists in showdoc versions prior to 2.10.3, which stems from a lack of validation of the uid parameter of showdoc against externally entered SQL statements. An attacker can exploit this...
CVE-2021-42565
myfactory.FMS before 7.1-912 allows XSS via the UID parameter...
Design/Logic Flaw
myfactory.FMS before 7.1-912 allows XSS via the UID parameter...
CVE-2021-42565
Summary: CVE-2021-42565 affects myfactory FMS; versions up to 7.1-912 are vulnerable to Cross-Site Scripting via the UID parameter. The Nuclei/NVD entries corroborate the issue and describe it as a client-side script execution risk in login/UID handling. The connected documents specify the affec...
myfactory.FMS Cross-Site Scripting Vulnerability
myfactory.FMS is a transaction management system. A cross-site scripting vulnerability exists in Myfactory.FMS that stems from the product's UID parameter failing to properly validate user input data. The vulnerability can be exploited to execute client-side code. The following products and...
U.S. Dept Of Defense: IDOR on https://██████ via POST UID enables database scraping
Summary: The UID parameter on █████████ in the ██████ ███████ system, with ███████, does not validate that the caller has permission to view information on the UID entered, thereby enabling personnel and student data extraction. Description: The user operations API endpoint for the ███ ██████████...