Lucene search
+L

1001 matches found

Vulnrichment
Vulnrichment
added 2026/04/21 12:0 a.m.6 views

CVE-2026-37748

Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/adminuserinsert.php and vms/php/update1.php. The moveuploadedfile function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP webshell a...

5.9AI score0.00807EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/20 6:31 p.m.5 views

EUVD-2026-23921

Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in...

5.4CVSS5.9AI score0.00165EPSS
Exploits0References4
NVD
NVD
added 2026/04/20 6:16 p.m.7 views

CVE-2026-39112

Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in...

5.4CVSS0.00165EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/20 12:0 a.m.28 views

CVE-2026-39112

Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in...

0.00165EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/20 12:0 a.m.3 views

CVE-2026-39112

Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in...

5.9AI score0.00165EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.7 views

PT-2026-33819

Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject arbitrary JavaScript that is later executed when the malicious input is viewed in...

5.4CVSS5.9AI score0.00165EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.9 views

PHPGurukul Apartment Visitors Management System 安全漏洞

PHPGurukul Apartment Visitors Management System is an apartment visitor management system developed by PHPGurukul Corporation. Version V1.1 of the PHPGurukul Apartment Visitors Management System contains a security vulnerability. This vulnerability stems from an SQL injection issue with the email...

7.5CVSS5.9AI score0.00294EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/20 12:0 a.m.35 views

CVE-2026-39110

SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page forgot-password.php. This allows an unauthenticated attacker to manipulate backend SQL queries during authentication and retrieve...

0.00295EPSS
Exploits0References3
CVE
CVE
added 2026/04/20 12:0 a.m.10 views

CVE-2026-39112

CVE-2026-39112 : Cross-Site Scripting in Apartment Visitors Management System V1.1. The vulnerability is in the visname parameter of visitors-form.php; an authenticated attacker can inject arbitrary JavaScript that executes when viewing the input in manage-newvisitors.php or visitor-detail.php. E...

5.4CVSS5.9AI score0.00165EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/13 4:52 p.m.4 views

CVE-2026-23891 Decidim has a Cross-site scripting (XSS) vulnerability via user name field

Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting...

9.3CVSS6.5AI score0.00356EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/13 4:35 p.m.9 views

Decidim has a cross-site scripting (XSS) in user name

Impact A stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting in high confidentiality and integrity impact across security boundaries. Patches N/A Workarounds...

9.3CVSS6.5AI score0.00356EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/04/13 6:30 a.m.7 views

EUVD-2026-21855

A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack is possible to be carried out remotely. The exploit ha...

5.1CVSS4.1AI score0.00244EPSS
Exploits0References6
NVD
NVD
added 2026/04/13 5:16 a.m.4 views

CVE-2026-6162

A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack is possible to be carried out remotely. The exploit ha...

5.1CVSS0.00244EPSS
Exploits0References5
CVE
CVE
added 2026/04/13 5:0 a.m.7 views

CVE-2026-6162

CVE-2026-6162 affects PHPGurukul Company Visitor Management System 2.0. The vulnerability lies in the file /bwdates-reports-details.php where manipulating the argument fromdate leads to Cross-Site Scripting (XSS) . Exploitation is possible remotely and the exploit has been disclosed publicly. Bas...

5.1CVSS4.1AI score0.00244EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/13 5:0 a.m.4 views

CVE-2026-6162 PHPGurukul Company Visitor Management System bwdates-reports-details.php cross site scripting

A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack is possible to be carried out remotely. The exploit ha...

5.1CVSS4.1AI score0.00244EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/13 5:0 a.m.2 views

CVE-2026-6162

A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack is possible to be carried out remotely. The exploit ha...

5.1CVSS4.1AI score0.00244EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/04/13 5:0 a.m.31 views

CVE-2026-6162 PHPGurukul Company Visitor Management System bwdates-reports-details.php cross site scripting

A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack is possible to be carried out remotely. The exploit ha...

5.1CVSS0.00244EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.8 views

PHPGurukul Company Visitor Management System 代码注入漏洞

PHPGurukul Company Visitor Management System is a visitor management system developed by PHPGurukul Corporation. Version 2.0 of the PHPGurukul Company Visitor Management System has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “fromdate” in the...

5.1CVSS5.7AI score0.00244EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.11 views

PT-2026-32263

A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack is possible to be carried out remotely. The exploit ha...

5.1CVSS4.1AI score0.00244EPSS
Exploits0References6
NVD
NVD
added 2026/04/08 10:16 a.m.8 views

CVE-2026-4303

The WP Visitor Statistics Real Time Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wsmshowDayStatsGraph' shortcode in all versions up to, and including, 8.4 due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS0.00274EPSS
Exploits0References8
Rows per page
Query Builder