PT-2025-28157 · Parisneo · Lollms

Name of the Vulnerable Software and Affected Versions: parisneo/lollms versions prior to 20.1 Description: The issue arises from a timing attack vulnerability in the authenticate user function within the lollms authentication.py file. This vulnerability allows attackers to enumerate valid usernam...

CVE-2021-40261

Multiple Cross Site Scripting XSS vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the 1 userusername and 2 category parameters in saveclass.php, the 3 firstname, 4 class, and 5 status parameters in studenttable.php, the 6 category and 7 classname parameters in...

MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting

MyT Project Management 1.5.1 - Userusername Persistent Cross-Site Scripting Exploit Title: MyT Project Management - Userusername Stored Cross Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://manageyourteam.net/index.html Software Link:...

CVE-2018-5307

Multiple cross-site scripting XSS vulnerabilities in Sonatype Nexus Repository Manager aka NXRM 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via 1 the repoId or 2 format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; 3 the filename...