CVE-2023-30454
An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be...
CVE-2010-3608
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php...
CVE-2005-2689
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allow remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php...
CVE-2025-3537
A vulnerability was found in Tutorials-Website Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-user.php. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack remotely...
CVE-2025-3537
CVE-2025-3537 affects Tutorials-Website Employee Management System v1.0. The vulnerability exists in an unknown portion of the file /admin/update-user.php, where manipulating the ID argument enables improper authorization and remote attack capability. Public disclosure of the exploit is noted, wi...
CVE-2024-13035
A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/updateuser.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed t...
Warehouse Inventory System Security Vulnerability
Warehouse Inventory System is a Warehouse Inventory Management System by Siamon Hasan Personal Developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the deleteuser.php component not adequately verifying that a request comes from a truste...
SourceCodester Tracking Monitoring Management System SQL Injection Vulnerability
SourceCodester Tracking Monitoring Management System is a monitoring management system from SourceCodester Inc. A SQL injection vulnerability exists in SourceCodester Tracking Monitoring Management System version 1.0, which is caused by an SQL injection vulnerability in the id parameter of the...
House Rental System SQL Injection Vulnerability
House Rental System is a house rental management system that allows you to add, modify and delete property information and to place reservations. A SQL injection vulnerability exists in itsourcecode Online House Rental System version 1.0, which stems from the fact that manageuser.php contains an...
College Management System SQL Injection Vulnerability
College Management System is a simple project organized by Code Projects. It is used to keep track of students, teachers, subjects, schedules and all things related to the university. College Management System version 1.0 has a SQL injection vulnerability that stems from a SQL injection...
SUSE Linux Enterprise Server Security Vulnerability
SUSE Linux Enterprise Server is an enterprise server edition of the Linux operating system from SUSE Germany. A security vulnerability exists in SUSE Linux Enterprise Server that originates from an attacker being able to bypass restrictions via Tomcat User Post Script to elevate privileges...
CVE-2024-1111
A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Login System 1.0. Affected by this issue is some unknown functionality of the file add-user.php. The manipulation of the argument qr-code leads to cross site scripting. The attack may be launched...
CVE-2023-6684 Ibtana – WordPress Website Builder <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on 'width' and 'height' user supplied attribute. This makes it possib...
Open-Xchange App Suite Cross-Site Scripting Vulnerability
Open-Xchange App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange App Suite backend version 7.10.6-rev52, Open-Xchange App Suite frontend version 7.10.6-rev35, which stems from not properly cleaning up user-defined...
CVE-2023-6464
A vulnerability was found in SourceCodester User Registration and Login System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /endpoint/add-user.php. The manipulation of the argument user leads to sql injection. The attack may be launched remotely...
KLive Security Vulnerabilities
KLive is a Qt QML based aggregated live streaming box by 32ns individual developers. A security vulnerability exists in KLive v.2019-1-19 and earlier versions, which stems from a SQL injection vulnerability in the web/user.php component...
CVE-2023-24595
An OS command injection vulnerability exists in the ysthirdparty systemuserscript functionality of Milesight UR32L v32.3.0.5. A specially crafted series of network requests can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability...
Milesight UR32L OS Command Injection Vulnerability
The Milesight UR32L is a 4G industrial router from China's Milesight. A command injection vulnerability exists in the Milesight UR32L ysthirdparty systemuserscript function, which can be exploited by an attacker to execute arbitrary commands on the system...
CVE-2023-2348
A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/user/manageuser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. T...
SUSE CVE-2016-5136
Use-after-free vulnerability in extensions/renderer/userscriptinjector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion...