28 matches found
CVE-2026-38935
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...
PT-2026-35457
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...
CVE-2026-38935
Diskover Community is affected by a reflected XSS in public/view.php via the doctype parameter, impacting versions
EUVD-2026-25890
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...
CVE-2026-36920
Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php...
CVE-2026-26694
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modalview.php...
CVE-2025-11332 CmsEasy URL view.php cross site scripting
A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing a manipulation of the argument PHPSELF can lead to cross site scripting. The attack may be launched remotely. The exploit has been public...
CVE-2025-10780
CodeAstro Simple Pharmacy Management 1.0 is affected by a SQL injection in the /view.php handler caused by manipulation of the bar_code parameter. The vulnerability enables remote exploitation and has public exploits/disclosures. Affected component: /view.php, bar_code input; root cause: improper...
CVE-2025-10780 CodeAstro Simple Pharmacy Management view.php sql injection
A vulnerability was determined in CodeAstro Simple Pharmacy Management 1.0. This affects an unknown function of the file /view.php. This manipulation of the argument barcode causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be...
CVE-2025-9929
A weakness has been identified in code-projects Responsive Blog Site 1.0. This affects an unknown function of the file blogsview.php. Executing manipulation of the argument productcode/genname/productname/supplier can lead to cross site scripting. It is possible to launch the attack remotely. The...
UBUNTU-CVE-2005-10004
Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graphview.php script. An authenticated user can inject arbitrary shell commands via the graphstart GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...
image_gallery cross-site scripting vulnerability
imagegallery is an image gallery management system by the individual developer Md. Yamin Hossain of Bangladesh. A cross-site scripting vulnerability exists in imagegallery version 1.0, which stems from a cross-site scripting attack due to improper handling of the username parameter in the...
CVE-2025-0175
A vulnerability was found in code-projects Online Shop 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view.php. The manipulation of the argument name/details leads to cross site scripting. The attack can be initiated remotely. The exploit has been...
CVE-2023-6423
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/eventsview.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user ...
PT-2023-20774 · Sourcecodester · Sourcecodester Lost/Found Information System
Name of the Vulnerable Software and Affected Versions: SourceCodester Lost and Found Information System version 1.0 Description: A critical issue has been discovered, affecting an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the id argume...
CVE-2023-2408
A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. Affected by this issue is some unknown functionality of the file services/view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotel...
CVE-2022-35196
TestLink v1.9.20 was discovered to contain a Cross-Site Request Forgery (CSRF) via /lib/plan/planView.php...
CVE-2022-2017
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/viewvisit.php of the component Visit Handler. The manipulation of the argument id with the input...
CVE-2021-4134
The Fancy Product Designer WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the ID parameter found in the /inc/api/class-view.php file which allows attackers with administrative level permissions to inject arbitrary SQL queries to obtain sensiti...