Lucene search
K

36 matches found

NVD
NVD
added 2026/05/21 6:16 p.m.15 views

CVE-2026-48230

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdbimport.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...

5.4CVSS0.00212EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/21 5:10 p.m.43 views

CVE-2026-48230 Open ISES Tickets < 3.44.2 Reflected XSS via ticketsmdb_import.php Multiple POST Parameters

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdbimport.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...

5.4CVSS0.00212EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/21 5:10 p.m.9 views

CVE-2026-48230

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdbimport.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/21 5:9 p.m.9 views

EUVD-2026-31294

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dbloader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword,...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42495

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in delete module.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters module choice, flag, confirmation directly into...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.16 views

PT-2026-42508

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdb import.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/13 8:58 p.m.31 views

CVE-2026-44418 Incomplete fix for CVE-2026-35184: SQL Injection in phili67/ecclesiacrm

EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via strreplace without any sanitization, enabling SQL injection through query parameters th...

8.7CVSS0.00285EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 8:58 p.m.16 views

CVE-2026-44418

EcclesiaCRM (8.0.0 and earlier) is affected. The ValidateInput() function’s default case in the query view passes user-supplied POST parameters directly into SQL queries via str_replace without sanitization, enabling SQL injection through query parameters that use non-standard validation types. T...

8.7CVSS5.9AI score0.00285EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 8:58 p.m.9 views

CVE-2026-44418 Incomplete fix for CVE-2026-35184: SQL Injection in phili67/ecclesiacrm

EcclesiaCRM is CRM Software for church management. In 8.0.0 and earlier, the ValidateInput function's default case in EcclesiaCRM's query view passes user-supplied POST parameters directly into SQL queries via strreplace without any sanitization, enabling SQL injection through query parameters th...

8.7CVSS5.9AI score0.00285EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/04/13 12:0 a.m.69 views

📄 Pachno 1.0.6 Cross Site Scripting

Pachno version 1.0.6 suffers from persistent cross site scripting vulnerabilities. Pachno 1.0.6 Stored Cross-Site Scripting Vendor: Daniel André Eikeland Product web page: https://github.com/pachno/pachno Affected version: 1.0.6 Summary: Pachno is an open-source collaboration platform formerly...

5.2AI score
Exploits0
EUVD
EUVD
added 2026/04/10 6:31 a.m.3 views

EUVD-2026-21288

The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the aFhfcheadcode, aFhfcbodycode, and aFhfcfootercode post meta values in all versions up to, and including, 2.3. This is due to the plugin outputting these meta values without any sanitization or...

6.4CVSS6.1AI score0.002EPSS
Exploits0References9
EUVD
EUVD
added 2026/03/16 3:30 p.m.6 views

EUVD-2013-7292

Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email',...

8.7CVSS5.9AI score0.00356EPSS
Exploits1References4
NVD
NVD
added 2026/03/16 2:17 p.m.4 views

CVE-2013-20006

Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email',...

8.7CVSS0.00356EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/15 6:34 p.m.3 views

CVE-2013-20006

Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email',...

5.9AI score0.00356EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/15 6:34 p.m.1 views

CVE-2013-20006 Qool CMS Multiple Persistent Cross-Site Scripting Vulnerabilities

Qool CMS contains multiple persistent cross-site scripting vulnerabilities in several administrative scripts where POST parameters are not properly sanitized before being stored and returned to users. Attackers can inject malicious JavaScript code through parameters like 'title', 'name', 'email',...

8.7CVSS5.9AI score0.00356EPSS
Exploits1References3
NVD
NVD
added 2026/02/05 5:16 p.m.7 views

CVE-2020-37137

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

9.8CVSS0.00541EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/05 4:13 p.m.3 views

CVE-2020-37137

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

8.6CVSS6.7AI score0.00541EPSS
Exploits1References3Affected Software1
Packet Storm
Packet Storm
added 2026/02/04 12:0 a.m.120 views

📄 Blesta 5.13.1 Admin Interface PHP Object Injection

Blesta versions 3.0.0 through 5.13.1 suffer from an administrative interface PHP object injection vulnerability. The vulnerabilities exist because user input passed through the vars and orderinfo POST parameters when dispatching the /app/controllers/adminclients.php script, and through the...

7.2CVSS6.3AI score0.00454EPSS
Exploits1
Cvelist
Cvelist
added 2026/01/07 11:9 p.m.110 views

CVE-2017-20216 FLIR Thermal Camera PT-Series firmware version 8.0.0.64 Unauthenticated Remote Command Injection

FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem functi...

9.8CVSS0.1064EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.6 views

PT-2026-1681

Name of the Vulnerable Software and Affected Versions SmartLiving SmartLAN versions 6.x and earlier Description SmartLiving SmartLAN contains a remote command injection issue in the web.cgi binary. The issue is due to an unsanitized par POST parameter within the 'testemail' module. An attacker ca...

8.8CVSS8AI score0.01685EPSS
Exploits0References8
Rows per page
Query Builder