
34 matches found

Cvelist
added 2026/02/08 3:32 p.m., 30 views

CVE-2026-2160 SourceCodester Simple Responsive Tourism Website Master.php cross site scripting

A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=savepackage. The manipulation of the argument Title leads to cross site scripting. The attack can be initiat...

CVSS: 5.3, EPSS: 0.00044
Exploits: 1, References: 5
Positive Technologies
added 2025/12/04 12:00 a.m., 3 views

PT-2025-49109

Waveshare RS232/485 TO WIFI ETH B Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to set the Administrator password and username as blank values, allowing attackers to bypass authentication...

AI score: 7.1, EPSS: 0.00148
Exploits: 1, References: 3
Vulnrichment
added 2025/12/04 12:00 a.m., 1 view

CVE-2025-63362

Waveshare RS232/485 TO WIFI ETH B Serial to Ethernet/Wi-Fi Gateway Firmware V3.1.1.0: HW 4.3.2.1: Webpage V7.04T.07.002880.0301 allows attackers to set the Administrator password and username as blank values, allowing attackers to bypass authentication...

AI score: 6.7, EPSS: 0.00148
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2022-34765

Malicious code in bioql PyPI...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00538
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-12733

Malicious code in bioql PyPI...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00156
Exploits: 0, References: 3
Openbugbounty
added 2025/03/26 4:21 p.m., 7 views

donnybrook-townhouse-apartments.hotel-inn-dublin.com Cross Site Scripting vulnerability OBB-4040449

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0
Cvelist
added 2024/06/10 8:56 p.m., 24 views

CVE-2024-27850

This issue was addressed with improvements to the noise injection algorithm. This issue is fixed in Safari 17.5, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, visionOS 1.2. A maliciously crafted webpage may be able to fingerprint the user...

EPSS: 0.01058
Exploits: 0, References: 4
Vulnrichment
added 2024/01/22 6:23 p.m., 1 view

CVE-2024-0606

An attacker could execute unauthorized script on a legitimate site through UXSS using window.open by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS 122...

AI score: 6, EPSS: 0.0044
Exploits: 0, References: 2
OSV
added 2023/08/28 1:15 p.m., 3 views

CVE-2023-40751

PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting (XSS) via the "action" parameter of index.php...

CVSS: 6.1, AI score: 5.8, EPSS: 0.0199
Exploits: 0, References: 2
NVD
added 2023/04/19 8:15 a.m., 9 views

CVE-2022-2507

In affected versions of Octopus Deploy it is possible to render user supplied input into the webpage...

CVSS: 5.3, AI score: 5.3, EPSS: 0.00538
Exploits: 0, References: 1
CNNVD
added 2023/02/23 12:00 a.m., 1 view

Opennms Group OpenNMS Cross-Site Scripting Vulnerability

Opennms Group OpenNMS is an open source, enterprise-class network monitoring and network management platform from the U.S.-based Opennms Group. A security vulnerability exists in OpenNMS Meridian, Horizon, which is caused by a cross-site scripting (XSS) vulnerability in the webapp jsp page, which c...

CVSS: 6.7, AI score: 5.9, EPSS: 0.00276
Exploits: 0, References: 3
CNVD
added 2022/07/25 12:00 a.m., 11 views

Information leakage vulnerability in webpage anti-tampering system of Beijing Netnifty Nebula Information Technology Co., Ltd (CNVD-2022-59144)

Beijing NetGuard Nebula Information Technology Company is a leading enterprise in the domestic information security industry, specializing in the research and development, production and sales of information security products. There is an information leakage vulnerability in the webpage...

AI score: 6.7
Exploits: 0
UbuntuCve
added 2022/06/01 12:00 a.m., 45 views

CVE-2022-31737

A malicious webpage could have caused an out-of-bounds write in WebGL, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00394
Exploits: 0, References: 6
Huntr
added 2022/03/26 7:46 a.m., 31 views

stored xss

Description Stored XSS is a vulnerability in which the attacker can execute arbitrary javascript code in the victim's browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage Proof of Concept 1. A low-priv user create a page with the following...

CVSS: 3.5, AI score: 2, EPSS: 0.00352
Exploits: 1
Huntr
added 2022/01/02 2:51 p.m., 15 views

Cross-site Scripting (XSS) - Stored in microweber/microweber

Description Stored XSS is a vulnerability in which the attacker can execute arbitrary javascript code in the victim's browser. The XSS payload is stored in a webpage and it gets executed whenever someone visits that webpage. Proof of Concept 1 Visit "Contact Us" page and put in Message field. Cli...

CVSS: 3.5, AI score: 2.4, EPSS: 0.0021
Exploits: 1
wpexploit
added 2021/08/16 12:00 a.m., 765 views

Language Bar Flags <= 1.0.8 - CSRF to Stored XSS

The plugin does not have any CSRF in place when saving its settings and did not sanitise or escape them when generating the flag bar in the frontend. This could allow attackers to make a logged in admin change the settings, and set Cross-Site Scripting payload in them, which will be executed in t...

CVSS: 4.3, AI score: 0.3, EPSS: 0.00144
Exploits: 2
Cvelist
added 2021/08/03 11:55 a.m., 9 views

CVE-2021-35265

A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/ allows remote attackers to inject arbitrary web script to a page...

AI score: 6.1, EPSS: 0.05279
Exploits: 1, References: 2
Prion
added 2021/01/07 2:15 p.m., 9 views

Command injection

UNSUPPORTED WHEN ASSIGNED EVOLUCARE ECSIMAGING aka ECS Imaging through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerability only affects...

CVSS: 10, AI score: 9.8, EPSS: 0.01
Exploits: 0, References: 2, Affected Software: 1
Prion
added 2020/08/17 7:15 p.m., 26 views

Memory corruption

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an...

CVSS: 6.8, AI score: 7.1, EPSS: 0.08623
Exploits: 0, References: 1, Affected Software: 2
Microsoft CVE
added 2020/08/11 7:00 a.m., 27 views

Media Foundation Memory Corruption Vulnerability

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. There are multiple ways an...

CVSS: 7.8, AI score: 2.5, EPSS: 0.25276
Exploits: 0