320 matches found
CVE-2020-25270
PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City...
CVE-2019-0281
SAPUI5 and OpenUI5, before versions 1.38.39, 1.44.39, 1.52.25, 1.60.6 and 1.63.0, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2019-0385
SAP Enable Now, before version 1908, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2019-0326
SAP BusinessObjects Business Intelligence Platform BI Workspace Enterprise, versions 4.1, 4.2, 4.3, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2010-4500
Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY MCG FreeTicket 1.0.0, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 name, 2 email, 3 subject, and 4 message parameters in a sendmess action. NOTE: the provenance of this...
CVE-2019-0376
SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in...
CVE-2025-23166
The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...
CVE-2025-26662
The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks on the compromised link, the injected script gets executed within the scope of victim�s browser. This...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the SignTraits::DeriveBits function, which incorrectly invokes ThrowException based on user inputs when executing in a background thread. This allows an attacker to trigger a runtime crash. Note: The cryptographic...
CVE-2025-26662
The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks on the compromised link, the injected script gets executed within the scope of victim�s browser. This...
CVE-2025-26662
CVE-2025-26662 describes a Cross-Site Scripting vulnerability in the SAP Data Services Management Console caused by insufficient encoding of user-controlled input. If a logged-in user clicks a crafted link, injected script executes in the victim’s browser, potentially impacting confidentiality an...
PT-2025-20804 · Sap Se · Sap Data Services Management Console
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns insufficient encoding of user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks on a compromised...
CVE-2025-26653 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML)
SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting XSS vulnerability. This enables an attacker, without requiring any privileges, to inject malicious JavaScript into a website. When a user visits the compromised page,...
PT-2025-15364 · Sap · Sap Netweaver Application Server Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Application Server ABAP affected versions not specified Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. It occurs because the software does not properly encode user-controlled inputs, allowi...
CVE-2025-31138
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code...
CVE-2025-31138 tarteaucitron.js allows UI manipulation via unrestricted CSS injection
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js prior to 1.20.1, where user-controlled inputs for element dimensions width and height were not properly validated. This allowed an attacker with direct access to the site's source code...
CVE-2025-26659
CVE-2025-26659 – SAP NetWeaver ABAP (WebGUI) is a DOM-based XSS vulnerability caused by insufficient encoding of user-controlled inputs in the SAP NetWeaver Application Server ABAP. The flaw allows an attacker with no privileges to craft a malicious web message that executes JavaScript in the vic...
CVE-2024-12038 Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buddyformsnav' shortcode in all versions up to, and including, 2.8.15 due to insufficient input...
CVE-2024-13534
CVE-2024-13534 affects the WordPress plugin “Small Package Quotes – Worldwide Express Edition.” The issue is an unauthenticated SQL Injection via the edit_id and dropship_edit_id parameters in all versions up to and including 5.2.18, stemming from insufficient escaping and inadequate preparation ...
CVE-2024-36673
Sourcecodester Pharmacy/Medical Store Point of Sale System 1.0 is vulnerable SQL Injection via login.php. This vulnerability stems from inadequate validation of user inputs for the email and password parameters, allowing attackers to inject malicious SQL queries...