Page 9 of 1243 results (0.009 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. It has been declared as critical. This vulnerability affects the function __construct/select_single_rna/count_rna of the file inc/model.php. The manipulation leads to sql injection. The patch is identified as 307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a. • https://github.com/brandonfire/miRNA_Database_by_PHP_MySql/commit/307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a https://vuldb.com/?ctiid.218374 https://vuldb.com/?id.218374 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3

A vulnerability classified as problematic was found in jianlinwei cool-php-captcha up to 0.2. This vulnerability affects unknown code of the file example-form.php. The manipulation of the argument captcha with the input %3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jianlinwei/cool-php-captcha/commit/c84fb6b153bebaf228feee0cbf50728d27ae3f80 https://github.com/jianlinwei/cool-php-captcha/issues/2 https://github.com/jianlinwei/cool-php-captcha/releases/tag/0.3 https://vuldb.com/?ctiid.218296 https://vuldb.com/?id.218296 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

A vulnerability has been found in manikandan170890 php-form-builder-class and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PFBC/Element/Textarea.php of the component Textarea Handler. The manipulation of the argument value leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://code.google.com/archive/p/php-form-builder-class/issues/184 https://github.com/manikandan170890/php-form-builder-class/commit/74897993818d826595fd5857038e6703456a594a https://vuldb.com/?ctiid.218155 https://vuldb.com/?id.218155 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1

php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. php-mod/curl (un contenedor de la extensión PHP cURL) anterior a 2.3.2 permite XSS a través del parámetro clave post_file_path_upload.php y los datos POST en post_multidimensional.php. • https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A vulnerability, which was classified as problematic, was found in sproctor php-calendar. This affects an unknown part of the file index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is a2941109b42201c19733127ced763e270a357809. • https://github.com/sproctor/php-calendar/commit/a2941109b42201c19733127ced763e270a357809 https://vuldb.com/?id.215445 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •