31 matches found
CVE-2026-29038
changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting (XSS) vulnerability in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...
changedetection.io Security Vulnerability
changedetection.io is a website monitoring and notification application developed by dgtlmoon. Versions of changedetection.io prior to 0.54.1 contained a security vulnerability. This vulnerability stemmed from the RSS monitoring endpoint not properly escaping the UUID path parameter in HTML, whic...
CVE-2019-25399
IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID parameters. Attackers can submit POST requests with script payloads in these parameters to execute...
CVE-2019-25399
IPFire 2.21 Core Update 127 contains multiple stored XSS vulnerabilities in the extrahd.cgi script. Attackers can submit POST requests with script payloads in the FS, PATH, and UUID parameters, enabling execution of arbitrary JavaScript in the context of authenticated administrator sessions. The ...
PT-2026-20501
IPFire 2.21 Core Update 127 contains multiple stored cross-site scripting vulnerabilities in the extrahd.cgi script that allow attackers to inject malicious scripts through the FS, PATH, and UUID parameters. Attackers can submit POST requests with script payloads in these parameters to execute...
PT-2025-52829
Name of the Vulnerable Software and Affected Versions: Orangescrum version 1.8.0. Description: Orangescrum version 1.8.0 has an authenticated SQL injection issue. Authorized users can manipulate database queries through vulnerable parameters. Specifically, attackers can inject malicious SQL code int...
CVE-2025-12919
Summary: CVE-2025-12919 affects EverShop up to 2.0.1, specifically the function in /src/modules/oms/graphql/types/Order/Order.resolvers.js within the Order Handler. The vulnerability stems from manipulation of the uuid argument, causing improper control of resource identifiers and enabling a remo...
CVE-2025-10496
The Cookie Notice & Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uuid parameter in all versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2025-10496
CVE-2025-10496 affects the WordPress plugin Cookie Notice & Consent (versions up to 1.6.5). Root cause: stored cross-site scripting via the uuid parameter due to insufficient input sanitization/output escaping. Impact: unauthenticated attackers can inject arbitrary scripts that execute when users...
CVE-2025-10496 Cookie Notice & Consent <= 1.6.5 - Unauthenticated Stored Cross-Site Scripting
The Cookie Notice & Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the uuid parameter in all versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
EUVD-2021-26931
Malware in sbrugna...
CVE-2025-5107
A vulnerability was found in Fujian Kelixun 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /app/xmlcdr/xmlcdrdetails.php. The manipulation of the argument uuid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed ...
CVE-2021-32092
A cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the uuid parameter...
DiDi Super-Jacoco Command Injection Vulnerability
DiDi Super-Jacoco is a one-stop Java code full/diff coverage collection platform from China's DiDi company. A command injection vulnerability exists in DiDi Super-Jacoco version 1.0, which stems from the parameter uuid in the file /cov/triggerEnvCov that can lead to command injection...
CVE-2024-2621
A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwdupdate.php. The manipulation of the argument uuid leads to sql injection. The atta...
Fujian Kelixin Command and Dispatch Platform SQL Injection Vulnerability
Fujian Kelixin Command and Dispatch Platform is a command and dispatch platform from Fujian Kelixin Company. A SQL injection vulnerability exists in Fujian Kelixin Command and Dispatch Platform version 20240318 and earlier versions, which originates from an unknown function in...
PT-2024-21308 · Fujian Kelixin · Fujian Kelixin Communication Command/Dispatch Platform
Name of the Vulnerable Software and Affected Versions: Fujian Kelixin Communication Command and Dispatch Platform versions up to 20240318. Description: A critical issue affects some unknown functionality of the file api/client/user/pwdupdate.php. The manipulation of the uuid argument leads to SQL...
CVE-2021-3628
OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via the uuid parameter...
CVE-2021-3628
OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via the uuid parameter...
Cross site scripting
OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via the uuid parameter...