40 matches found

RedhatCVE
added 2025/06/01 5:35 a.m. · 6 views

CVE-2025-48484

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data in the conversation POST data body. This issue has been patched in versio...

CVSS 5.4 · AI score 5.9 · EPSS 0.00216
Exploits: 1 · References: 1

Positive Technologies
added 2025/05/23 12:0 a.m. · 2 views

PT-2025-22747 · Metagauss · Metagauss Profilegrid

Name of the Vulnerable Software and Affected Versions: Metagauss ProfileGrid versions n/a through 5.9.5.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

CVSS 8.5 · AI score 9.1 · EPSS 0.00329
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/22 8:18 a.m. · 4 views

CVE-2019-14478

AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScrip...

CVSS 5.4 · AI score 5.2 · EPSS 0.00569
Exploits: 1 · References: 1

Positive Technologies
added 2025/04/17 12:0 a.m. · 6 views

PT-2025-16970 · Unknown · Cwd – Stealth Links

Name of the Vulnerable Software and Affected Versions: CWD – Stealth Links versions n/a through 1.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in SQL commands. This allows for SQL Injection attacks. Recommendations:...

CVSS 9.3 · AI score 9.6 · EPSS 0.00363
Exploits: 0 · References: 4

Positive Technologies
added 2025/02/03 12:0 a.m. · 3 views

PT-2025-3400 · Classcms · Classcms

Name of the Vulnerable Software and Affected Versions: ClassCMS version 4.8 Description: The issue is related to Cross Site Scripting (XSS) in the class/admin/channel.php file. This allows for potential malicious script injection. Recommendations: For ClassCMS version 4.8, consider restricting acce...

CVSS 4.8 · AI score 5.9 · EPSS 0.00219
Exploits: 1 · References: 6

CVE
added 2024/07/12 12:0 a.m. · 57 views

CVE-2024-40518

Affected software/components: SeaCMS 12.9; vulnerable file: admin_weixin.php which writes user input directly into weixin.php without processing. Root cause / vulnerability type: Direct splicing/writing of unprocessed user input leading to remote code execution. Impact: Authenticated attackers ca...

CVSS 8.8 · AI score 8.4 · EPSS 0.01165
Exploits: 1 · References: 1 · Affected Software: 1

Veracode
added 2024/05/27 7:44 a.m. · 11 views

Cross-site Scripting (XSS)

silverstripe/framework is vulnerable to Cross-site Scripting (XSS). The vulnerability is caused due to the lack of proper sanitization or encoding of user-input data when it is displayed in TreeDropdownField and TreeMultiSelectField, which allows an attacker to execute malicious JavaScript code...

AI score 6.8
Exploits: 0

CNNVD
added 2024/02/10 12:0 a.m. · 3 views

HCL Sametime Security Vulnerability

HCL Technologies HCL Sametime is a conferencing solution from HCL Technologies, USA. A security vulnerability exists in HCL Sametime that originates from the browser storing data entered by the user...

CVSS 7.5 · AI score 6.8 · EPSS 0.00443
Exploits: 0 · References: 2

Prion
added 2023/09/12 4:15 p.m. · 27 views

Cross site scripting

A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, a...

CVSS 4.9 · AI score 5.5 · EPSS 0.00556
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2023/08/11 12:0 a.m. · 6 views

The vulnerability of software for integrating SAP NetWeaver Process Integration corporate applications lies in insufficient encoding of user-input data, allowing attackers to carry out cross-site scripting attacks.

The vulnerability of the software for integrating SAP NetWeaver Process Integration corporate applications is related to insufficient encoding of data entered by users. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

CVSS 6.4 · AI score 6 · EPSS 0.00317
Exploits: 0 · References: 3

CNVD
added 2023/08/03 12:0 a.m. · 13 views

Simple Online Mens Salon Management System Cross-Site Scripting Vulnerability

Simple Online Mens Salon Management System is an open source men's salon management system. Simple Online Mens Salon Management System v1.0 has a cross-site scripting vulnerability. The vulnerability stems from the file /admin/?page=user/list parameter First Name/Last Name/Username on the...

CVSS 4.8 · AI score 6.3 · EPSS 0.00551
Exploits: 1 · References: 1

RedHat Linux
added 2023/06/06 1:40 p.m. · 5 views

kernel: udmabuf: improper validation of array index leading to local privilege escalation

A flaw was found in the Linux kernel's udmabuf device driver, within a fault handler. This issue occurs due to the lack of proper validation of user-supplied data, which can result in memory access past the end of an array. This may allow an attacker to escalate privileges and execute arbitrary...

CVSS 7.8 · AI score 7 · EPSS 0.01013
Exploits: 1 · References: 5

Cvelist
added 2023/03/24 12:0 a.m. · 18 views

CVE-2023-25350

Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When a user logs in through the login box, the validity of the user's input data is not checked. The parameters passed from the front end to the back end are controllable, which will lead to SQL injection...

AI score 9.3 · EPSS 0.00805
Exploits: 1 · References: 2

OSV
added 2022/12/22 8:15 p.m. · 3 views

CVE-2022-31743

Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox 101...

CVSS 6.5 · AI score 7.4 · EPSS 0.00428
Exploits: 0 · References: 2

CNVD
added 2022/10/10 12:0 a.m. · 24 views

ASUS RT-AX56U Buffer Overflow Vulnerability

ASUS RT-AX56U is a wireless router from ASUS, China. ASUS RT-AX56U Router firmware version 3.0.0.4.386.44266 has a buffer overflow vulnerability, which stems from the strcat function's lack of length checks for user input data, which can be exploited by attackers to remotely execute commands...

CVSS 8.8 · AI score 7.2 · EPSS 0.01344
Exploits: 1 · References: 1

OSV
added 2022/09/08 8:15 a.m. · 4 views

CVE-2022-38400

Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a user of the product access a specially crafted URL...

CVSS 5.9 · AI score 5.8 · EPSS 0.01199
Exploits: 1 · References: 4

Japan Vulnerability Notes
added 2022/09/05 6:22 a.m. · 1 view

SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure

Overview: Mailform Pro CGI provided by SYNCK GRAPHICA contains an information disclosure vulnerability (CWE-200). The Thanks module of this product saves user input data for a certain period of time. The time is set to 30 seconds by default in the configs/thanks.cgi file. To exploit this vulnerability, it is...

CVSS 5.9 · AI score 6.1 · EPSS 0.01199
Exploits: 1 · References: 7

CNVD
added 2022/01/18 12:0 a.m. · 19 views

Cisco Security Manager Cross-Site Scripting Vulnerability

Cisco Security Manager (CSM) is a set of enterprise-level management applications from Cisco, which are used to configure firewall, VPN, and intrusion protection security services on Cisco networks and security devices. A cross-site scripting vulnerability exists in Cisco Security Manager, which stem...

CVSS 6.1 · AI score 3.3 · EPSS 0.00759
Exploits: 0 · References: 1

CNVD
added 2021/12/02 12:0 a.m. · 20 views

IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2021-94164)

IBM QRadar SIEM is a solution from IBM America that leverages security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, etc. A cross-site...

CVSS 6.1 · AI score 1.7 · EPSS 0.00616
Exploits: 0 · References: 1

CNVD
added 2021/11/10 12:0 a.m. · 18 views

WordPress Plugin SQL Injection Vulnerability (CNVD-2021-101473)

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. A SQL injection vulnerability exists in the Wordpress...

CVSS 9.8 · AI score 0.8 · EPSS 0.12938
Exploits: 3 · References: 1