5210 matches found
GHSA-25Q6-M425-9FQR Feehi CMS Cross-site Scripting
A stored cross-site scripting XSS vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field...
CVE-2022-34140
A stored cross-site scripting XSS vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field...
CVE-2022-34140
A stored cross-site scripting XSS vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field...
CVE-2021-33371
A stored cross-site scripting XSS vulnerability in /navbaraction.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box...
Cross site scripting
Sims v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notifyInfo parameter...
CVE-2022-34550
Sims v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notifyInfo parameter...
CVE-2022-34611
A cross-site scripting XSS vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac " text field...
CVE-2022-34594
Advanced School Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the component ip/school/moudel/updatesubject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text...
Cross site scripting
A cross-site scripting XSS vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac " text field...
Cross site scripting
Advanced School Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability via the component ip/school/moudel/updatesubject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text...
CVE-2022-34611
A cross-site scripting XSS vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac " text field...
PT-2022-22225 · Unknown · Advanced School Management System
Name of the Vulnerable Software and Affected Versions: Advanced School Management System version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text field. This is achieved through the component...
CVE-2022-35569
Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file...
CVE-2022-35569
Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file...
Design/Logic Flaw
Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file...
CVE-2022-35569
Blogifier v3.0 contains an arbitrary file upload vulnerability at /api/storage/upload/PostImage that can allow attackers to execute arbitrary web scripts or HTML via a crafted file. The issue is documented across multiple sources (e.g., NVD and Red Hat CVE pages) with the root cause being an unse...
CVE-2022-35569
Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file...
IBM Engineering Requirements Quality Assistant Cross-Site Scripting Vulnerability
IBM Engineering Requirements Quality Assistant is a Watson AI-based software from IBM to assist developers in improving the quality of engineering requirements. The application can significantly reduce the cost of finding defects and facilitate the early detection of requirements errors in the...
Cross site request forgery (csrf)
The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. This is due to missing nonce protection on the createDOMStructure function found in the /anymind-widget-id.php file. This makes it possible for unauthenticated attackers to...
Cross site request forgery (csrf)
The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the dxssadminpage function found in the /dx-share-selection.php file. This makes it possible for unauthenticated attackers to...