7 matches found
CVE-2026-48230
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdbimport.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...
CVE-2026-48230 Open ISES Tickets < 3.44.2 Reflected XSS via ticketsmdb_import.php Multiple POST Parameters
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ticketsmdbimport.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters mdbhost, mdbdb, mdbuser, mdbpassword, mdbprefix,...
CVE-2026-44418
EcclesiaCRM (8.0.0 and earlier) is affected. The ValidateInput() function’s default case in the query view passes user-supplied POST parameters directly into SQL queries via str_replace without sanitization, enabling SQL injection through query parameters that use non-standard validation types. T...
CVE-2017-20216 FLIR Thermal Camera PT-Series firmware version 8.0.0.64 Unauthenticated Remote Command Injection
FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitrary system commands as root by exploiting unsanitized POST parameters in the execFlirSystem functi...
CVE-2021-24983
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanupfetchactivepluginsicons AJAX action available to admin users, leading to a Reflected Cross-Site Scripting issue...
CVE-2021-24556
The kentoemailsubscriberajax AJAX action of the Email Subscriber WordPress plugin through 1.1, does not properly sanitise, validate and escape the submitted subscribeemail and subscribename POST parameters, inserting them in the DB and then outputting them back in the Subscriber list...
WordPress Copy Or Move Comments 1.0.0 Cross Site Scripting Vulnerability
WordPress Copy or Move Comments plugin version 1.0.0 suffers from a cross site scripting vulnerability. Title: WordPress 'Copy or Move Comments' Plugin Version: 1.0.0 Author: Morten Nørtoft, Kenneth Jepsen & Mikkel Vej Date: 2015-06-16 Download: -...