28 matches found
EUVD-2026-33746
A security vulnerability has been detected in Bottelet DaybydayCRM up to 2.2.1. This impacts the function view of the file app/Http/Controllers/DocumentsController.php. Such manipulation leads to improper authorization. The attack may be launched remotely. It is best practice to apply a patch to...
CSZ-CMS Security Vulnerability
CSZ-CMS is a PHP-based open source content management system (CMS) from CSZ-CMS Open Source. A security vulnerability exists in CSZ-CMS 1.3.0 and prior versions. It stems from an unvalidated field parameter in the form view function, which could lead to an SQL injection attack...
CVE-2024-37629
SummerNote v0.9.1 is vulnerable to Cross Site Scripting (XSS) via the Code View Function...
CVE-2022-32336
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/viewmenu.php?id=...
CVE-2021-4333
The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins...
OpenPanel Security Vulnerability
OpenPanel is a web hosting panel from OpenPanel, Inc. A security vulnerability exists in OpenPanel version v0.3.4, which is caused by a directory traversal vulnerability in the Copy and View functions of the File Manager component...
SummerNote Cross Site Scripting Vulnerability
SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View Function...
GHSA-CC55-MVQC-G9MG SummerNote Cross Site Scripting Vulnerability
SummerNote 0.8.18 is vulnerable to Cross Site Scripting (XSS) via the Code View Function...
CVE-2024-37629
SummerNote vulnerability CVE-2024-37629 impacts SummerNote in Code View mode across versions including v0.9.1 (and related advisories cite v0.8.18 in older contexts). The NVD/NVD-derived details indicate XSS due to insufficient input handling, with a CVSSv3.1 base score of 6.1 (Medium): attack ve...
PT-2024-15509 · WordPress · Views For Wpforms
Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validatio...
PT-2024-15506 · WordPress · Views For Wpforms
Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to unauthorized modification of data due to a missing capability check on...
PT-2024-15505 · WordPress · Views For Wpforms
Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to a missing capability check on the save view function, allowing...
PT-2024-15508 · WordPress · Views For Wpforms
Name of the Vulnerable Software and Affected Versions: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress versions up to, and including, 3.2.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validatio...
CVE-2024-1061
The 'HTML5 Video Player' WordPress Plugin, version 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'getview' function...
PT-2024-16405 · Unknown · Html5 Video Player
Name of the Vulnerable Software and Affected Versions: HTML5 Video Player version 2.5.25 Description: The issue is an unauthenticated SQL injection vulnerability. It affects the id parameter in the get view function. Recommendations: For version 2.5.25, update to version 2.5.25 or later to resolv...
WordPress Plugin HTML5 Video Player SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...