Lucene search

17 matches found

RedhatCVE
added 2026/03/31 10:58 p.m. | 0 views

CVE-2026-5147

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released...

CVSS 7.5 | AI score 6.8 | EPSS 0.00043
Exploits 0 | References 1
RedhatCVE
added 2026/03/31 4:59 a.m. | 1 view

CVE-2026-30563

A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the updatedetails.php file. The application fails to sanitize the "website" parameter provided in a POST request. This allows authenticated attackers to inject...

CVSS 6.1 | AI score 6 | EPSS 0.00044
Exploits 1 | References 1
NVD
added 2026/03/30 7:16 p.m. | 0 views

CVE-2026-5147

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released...

CVSS 7.5 | EPSS 0.00043
Exploits 0 | References 5
Vulnrichment
added 2026/03/30 6:45 p.m. | 1 view

CVE-2026-5147 YunaiV yudao-cloud get-by-website sql injection

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released...

CVSS 7.5 | AI score 6.8 | EPSS 0.00043
Exploits 0 | References 5
CVE
added 2026/03/30 6:45 p.m. | 8 views

CVE-2026-5147

CVE-2026-5147 affects YunaiV yudao-cloud (up to 2026.01). Affected component: part of the file path /admin-api/system/tenant/get-by-website, where manipulating the Website argument yields an SQL injection. Exploitation can be performed remotely and a publicly released exploit exists. Severity is ind...

CVSS 7.5 | AI score 6.8 | EPSS 0.00043
Exploits 0 | References 5
Cvelist
added 2026/03/30 6:45 p.m. | 21 views

CVE-2026-5147 YunaiV yudao-cloud get-by-website sql injection

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released...

CVSS 7.5 | EPSS 0.00043
Exploits 0 | References 5
CNNVD
added 2026/03/30 12:0 a.m. | 3 views

yudao-cloud SQL injection vulnerability

Yudao-Cloud is a backend management system developed by YunaiV as an individual developer. Versions of Yudao-Cloud prior to 2026.01 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “Website” in files located at...

CVSS 7.5 | AI score 7.2 | EPSS 0.00043
Exploits 0 | References 4
CNNVD
added 2026/03/30 12:0 a.m. | 4 views

SourceCodester Sales and Inventory System security vulnerability

The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a security vulnerability. This vulnerability stems from improper cleaning of the parameter websi...

CVSS 6.1 | AI score 5.6 | EPSS 0.00044
Exploits 1 | References 2
CVE
added 2026/03/30 12:0 a.m. | 1 view

CVE-2026-30563

SourceCodester Sales and Inventory System 1.0 contains a Stored XSS in update_details.php where the application fails to sanitize the POST 'website' parameter. Authenticated attackers can inject and store arbitrary script/HTML in the database, which executes when the store details page is accesse...

CVSS 6.1 | AI score 6 | EPSS 0.00044
Exploits 1 | References 1 | Affected Software 1
Vulnrichment
added 2026/03/30 12:0 a.m. | 0 views

CVE-2026-30563

A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the updatedetails.php file. The application fails to sanitize the "website" parameter provided in a POST request. This allows authenticated attackers to inject...

AI score 6 | EPSS 0.00044
Exploits 1 | References 1
EUVD
added 2026/03/30 12:0 a.m. | 0 views

EUVD-2026-17102

A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the updatedetails.php file. The application fails to sanitize the "website" parameter provided in a POST request. This allows authenticated attackers to inject...

CVSS 6.1 | AI score 6 | EPSS 0.00044
Exploits 1 | References 1
Positive Technologies
added 2026/03/30 12:0 a.m. | 1 view

PT-2026-29101

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released...

CVSS 7.5 | AI score 6.8 | EPSS 0.00043
Exploits 0 | References 8
Cvelist
added 2026/03/30 12:0 a.m. | 18 views

CVE-2026-30563

A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the updatedetails.php file. The application fails to sanitize the "website" parameter provided in a POST request. This allows authenticated attackers to inject...

EPSS 0.00044
Exploits 1 | References 1
CVE
added 2026/02/10 3:1 a.m. | 6 views

CVE-2026-0505

CVE-2026-0505 affects BSP applications where unauthenticated users can manipulate user-controlled URL parameters that are not sufficiently validated, resulting in unvalidated redirects to attacker-controlled websites. Root cause: insufficient validation of URL parameters. Impact per provided metr...

CVSS 6.1 | AI score 5.6 | EPSS 0.00034
Exploits 0 | References 2 | Affected Software 3
OSV
added 2023/10/21 7:15 a.m. | 14 views

CVE-2023-46054

Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the websitefooter parameter in the admin/settings/save.php component...

CVSS 5.4 | AI score 6.3
Exploits 0 | References 1
Cvelist
added 2011/12/24 7:0 p.m. | 17 views

CVE-2011-3835

Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) themename parameter to themesettings.php, (5) extensionname parameter ...

AI score 5.8 | EPSS 0.01132
Exploits 0 | References 26
Cvelist
added 2006/04/18 10:0 a.m. | 13 views

CVE-2006-1824

Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Comment parameter...

AI score 5.8 | EPSS 0.00162
Exploits 0 | References 7