5 matches found
CVE-2026-30527
The CVE-2026-30527 issue affects SourceCodester Online Food Ordering System v1.0, specifically in the Category management module of the admin panel. The vulnerability is a Stored XSS arising from insufficient sanitization of the Category Name field when creating or updating categories. When an ad...
CVE-2026-30527
A Stored Cross-Site Scripting XSS vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or updating a category. Whe...
EUVD-2025-208175
Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting XSS vulnerability exists in the sessioncategoryadd.php script. The vulnerability is caused by improper sanitization of the Category Name field, allowing privileged users to inject persistent JavaScrip...
CVE-2021-24848
The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection...
PT-2019-14527 · Jobberbase · Jobberbase
Name of the Vulnerable Software and Affected Versions: Jobberbase version 2.0 Description: The issue arises from the lack of sanitization of the category parameter in the public/page subscribe.php file, leading to a SQL injection vulnerability in the /subscribe endpoint. Recommendations: For...