CVE-2019-7168

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog...

EUVD-2022-5626

Malicious code in bioql PyPI...

EUVD-2022-3361

Malicious code in bioql PyPI...

GHSA-R9MQ-3C9R-FMJQ Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy

Description Path traversal This vulnerability allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the...

CVE-2024-1660

The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2023-43377

A cross-site scripting XSS vulnerability in /hoteldruid/visualizzacontratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatarioemail1 parameter...

Sql injection

Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, linguacli, mesenascita, and mesescaddoc parameters...

CVE-2023-43374

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the idutentelog parameter at /hoteldruid/personalizza.php...

Sql injection

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the idutentelog parameter at /hoteldruid/personalizza.php...

UBUNTU-CVE-2023-43375

Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, linguacli, mesenascita, and mesescaddoc parameters...

CVE-2023-43373

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the nutenteagg parameter at /hoteldruid/interconnessioni.php...

CVE-2023-43377

A cross-site scripting XSS vulnerability in /hoteldruid/visualizzacontratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatarioemail1 parameter...

CVE-2023-43373

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the nutenteagg parameter at /hoteldruid/interconnessioni.php...

CVE-2023-43374

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the idutentelog parameter at /hoteldruid/personalizza.php...

CVE-2023-43375

Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, linguacli, mesenascita, and mesescaddoc parameters...

CVE-2023-43377

A cross-site scripting XSS vulnerability in /hoteldruid/visualizzacontratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatarioemail1 parameter...

CVE-2023-43374

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the idutentelog parameter at /hoteldruid/personalizza.php...

CVE-2023-43371

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php...

CVE-2023-43371

CVE-2023-43371 affects Hoteldruid v3.0.5 with a SQL injection in the numcaselle parameter of the /hoteldruid/creaprezzi.php endpoint. The vulnerability is rated CRITICAL (CVSS v3.1: 9.8, Network, Low Privilege, No Auth, High impact on Confidentiality/Integrity/Availability). Exploitation is remot...

CVE-2023-43374

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the idutentelog parameter at /hoteldruid/personalizza.php...