CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file /control/client_data.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

• https://vuldb.com/?ctiid.287912
• https://vuldb.com/?id.287912
• https://vuldb.com/?submit.461130
• https://www.sourcecodester.com
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.1 | EPSS: 0% | CPEs: - | EXPL: 1

A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Model Management Page. The manipulation of the argument URL leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

• https://github.com/Jack-Black-13/blob/blob/main/classCMS_v4.8_model_xss.md
• https://vuldb.com/?ctiid.287875
• https://vuldb.com/?id.287875
• https://vuldb.com/?submit.461085
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: - | EXPL: 0

A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via the mobileno parameter.

• https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Pre-School%20Enrollment/SQL%20Injection%20pre-school%20pa.pdf
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The WPMobile.App — Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. ... This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3207040%40wpappninja&new=3207040%40wpappninja&sfp_email=&sfph_mail=
• https://www.wordfence.com/threat-intel/vulnerabilities/id/3ad03e3f-fb3e-4a80-9eea-d24459ed62b8?source=cve
• CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Coupon Affiliates – Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1. ... This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. ... The Cross-Site Scripting was patched in version 5.16.7.1, while the arbitrary shortcode execution was patched in 5.16.7.2.

• https://plugins.trac.wordpress.org/browser/woo-coupon-usage/tags/5.16.7/inc/functions/functions-user-coupons.php#L491
• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3207070%40woo-coupon-usage&new=3207070%40woo-coupon-usage&sfp_email=&sfph_mail=#file7
• https://www.wordfence.com/threat-intel/vulnerabilities/id/66b669ce-142a-48b8-9adf-620657c2db74?source=cve
• CWE-94: Improper Control of Generation of Code ('Code Injection')