
27424 matches found

RedhatCVE
added 2026/01/09 9:51 a.m., 4 views

CVE-2020-10430

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/manage-subscribers.php by adding a question mark (?) followed by the payload...

CVSS 4.8 | AI score 6.1 | EPSS 0.00321
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:50 a.m., 4 views

CVE-2020-10412

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/import-csv.php by adding a question mark (?) followed by the payload...

CVSS 4.8 | AI score 6.1 | EPSS 0.00321
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:50 a.m., 8 views

CVE-2020-10474

Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to inject arbitrary web script or HTML via the GET parameter sort...

CVSS 4.8 | AI score 5.8 | EPSS 0.00321
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:50 a.m., 5 views

CVE-2020-24135

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php...

CVSS 6.1 | AI score 6 | EPSS 0.00283
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:45 a.m., 4 views

CVE-2015-0918

Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php...

CVSS 4.3 | AI score 5.9 | EPSS 0.00456
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:34 a.m., 4 views

CVE-2024-41516

A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick = 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter...

CVSS 5.4 | AI score 5.7 | EPSS 0.00329
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/09 9:34 a.m., 4 views

CVE-2024-41513

A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter...

CVSS 5.4 | AI score 5.7 | EPSS 0.00329
Exploits: 1 | References: 1

NVD
added 2026/01/07 12:16 p.m., 1 view

CVE-2025-13667

The WP Recipe Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Skill Level' input field in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated...

CVSS 6.4 | EPSS 0.00008
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/07 9:54 a.m., 4 views

CVE-2013-7318

Cross-site scripting (XSS) vulnerability in BusinessFlow/login in AlgoSec Firewall Analyzer 6.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter...

CVSS 4.3 | AI score 5.9 | EPSS 0.00225
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:49 a.m., 1 view

CVE-2022-27061

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 7.2 | AI score 8.3 | EPSS 0.03075
Exploits: 3 | References: 1

RedhatCVE
added 2026/01/07 9:21 a.m., 4 views

CVE-2006-3025

Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea Lucid Calendar 0.22 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information...

CVSS 6.8 | AI score 5.8 | EPSS 0.01251
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:14 a.m., 4 views

CVE-2024-2830

The WordPress Tag and Category Manager – AI Autotagger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sttagcloud' shortcode in all versions up to, and including, 3.13.0 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...

CVSS 6.4 | AI score 5.8 | EPSS 0.00196
Exploits: 0 | References: 1

Vulnrichment
added 2026/01/06 4:43 p.m., 3 views

CVE-2025-69083 WordPress Frappé theme <= 1.8 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Frappé frappe allows PHP Local File Inclusion. This issue affects Frappé: from n/a through <= 1.8...

CVSS 8.1 | AI score 5.8 | EPSS 0.00104
Exploits: 0 | References: 1

OSV
added 2026/01/06 4:15 p.m., 1 view

CVE-2020-36909

SnapGear Management Console SG560 3.1.5 contains a file manipulation vulnerability that allows authenticated users to read, write, and delete files using the editconfigfiles CGI script. Attackers can manipulate POST request parameters in /cgi-bin/cgix/editconfigfiles to access and modify files...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 5

CNNVD
added 2025/12/30 12:00 a.m., 1 view

WordPress plugin WING WordPress Migrator cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site request...

CVSS 9.6 | AI score 5.7 | EPSS 0.00018
Exploits: 0 | References: 1

CNNVD
added 2025/12/30 12:00 a.m., 0 views

SOUND4 multiple products access control error vulnerability

SOUND4 IMPACT and others are products of SOUND4, a French company. SOUND4 IMPACT is a professional audio processor for broadcasting. SOUND4 FIRST is an audio processor for broadcasting. SOUND4 PULSE is an audio processor. An Access Control Error vulnerability exists in various SOUND4 products, which...

CVSS 7.5 | AI score 6.5 | EPSS 0.0024
Exploits: 2 | References: 5

CNNVD
added 2025/12/29 12:00 a.m., 2 views

MachSol MachPanel security vulnerability

MachSol MachPanel is a cloud automation control panel and billing platform from US-based MachSol. A security vulnerability exists in MachSol MachPanel version 8.0.32, which stems from mishandling of specially crafted PDF files and could lead to the execution of arbitrary web script or HTML...

CVSS 6.1 | AI score 6 | EPSS 0.0002
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/19 12:00 a.m., 2 views

CVE-2025-67845

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences...

CVSS 6.4 | AI score 6.1 | EPSS 0.00104
Exploits: 1 | References: 5

NVD
added 2025/12/15 7:16 p.m., 1 view

CVE-2025-51962

An HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...

CVSS 6.1 | EPSS 0.00031
Exploits: 0 | References: 2

CNNVD
added 2025/12/15 12:00 a.m., 1 view

microStudio security vulnerability

microStudio is an online game engine by Gilles Individual Developers. A security vulnerability exists in microStudio version 24.01.29, which stems from an HTML injection in the comments section of the project page, which could allow a remote attacker to inject arbitrary web script or HTML via the...

CVSS 6.1 | AI score 6.7 | EPSS 0.00031
Exploits: 0 | References: 2