1001 matches found
CVE-2026-37748
Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/adminuserinsert.php and vms/php/update1.php. The moveuploadedfile function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP webshell a...
EUVD-2026-23921
Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in...
CVE-2026-39112
Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in...
CVE-2026-39112
Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in...
CVE-2026-39112
Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in...
PT-2026-33819
Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in...
PHPGurukul Apartment Visitors Management System 安全漏洞
PHPGurukul Apartment Visitors Management System is an apartment visitor management system developed by PHPGurukul Corporation. Version V1.1 of the PHPGurukul Apartment Visitors Management System contains a security vulnerability. This vulnerability stems from an SQL injection issue with the email...
CVE-2026-39110
SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve...
CVE-2026-39112
CVE-2026-39112 : Cross-Site Scripting in Apartment Visitors Management System V1.1. The vulnerability is in the visname parameter of visitors-form.php; an authenticated attacker can inject arbitrary JavaScript that executes when viewing the input in manage-newvisitors.php or visitor-detail.php. E...
CVE-2026-23891 Decidim has a Cross-site scripting (XSS) vulnerability via user name field
Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting...
Decidim has a cross-site scripting (XSS) in user name
Impact A stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting in high confidentiality and integrity impact across security boundaries. Patches N/A Workarounds...
EUVD-2026-21855
A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack is possible to be carried out remotely. The exploit ha...
CVE-2026-6162
A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack is possible to be carried out remotely. The exploit ha...
CVE-2026-6162
CVE-2026-6162 affects PHPGurukul Company Visitor Management System 2.0. The vulnerability lies in the file /bwdates-reports-details.php where manipulating the argument fromdate leads to Cross-Site Scripting (XSS) . Exploitation is possible remotely and the exploit has been disclosed publicly. Bas...
CVE-2026-6162 PHPGurukul Company Visitor Management System bwdates-reports-details.php cross site scripting
A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack is possible to be carried out remotely. The exploit ha...
CVE-2026-6162
A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack is possible to be carried out remotely. The exploit ha...
CVE-2026-6162 PHPGurukul Company Visitor Management System bwdates-reports-details.php cross site scripting
A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack is possible to be carried out remotely. The exploit ha...
PHPGurukul Company Visitor Management System 代码注入漏洞
PHPGurukul Company Visitor Management System is a visitor management system developed by PHPGurukul Corporation. Version 2.0 of the PHPGurukul Company Visitor Management System has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “fromdate” in the...
PT-2026-32263
A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack is possible to be carried out remotely. The exploit ha...
CVE-2026-4303
The WP Visitor Statistics Real Time Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wsmshowDayStatsGraph' shortcode in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...