A vulnerability was found in descreekert wx-discuz up to 12bd4745c63ec203cb32119bf77ead4a923bf277. It has been classified as problematic. This affects the function validToken of the file /wx.php. The manipulation of the argument echostr leads to cross site scripting. It is possible to initiate the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
A vulnerability was found in Campcodes Online Movie Theater Seat Reservation System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?page=reserve of the component Reserve Your Seat Page. The manipulation of the argument Firstname/Lastname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in CodeAstro Simple Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /patient.html of the component POST Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected.
A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component HTTP GET Request Handler. The manipulation of the argument Search leads to cross site scripting. The attack can be initiated remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
A vulnerability classified as problematic has been found in SourceCodester Online Student Management System 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument adminname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222984.
A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function save of the file /api/admin/store/product/save. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223739.
A vulnerability classified as problematic was found in Portabilis i-Educar 2.9.0. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_calendario_dia_motivo_cad.php of the component Calendar Module. The manipulation of the argument Motivo leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in Portabilis i-Diario 1.5.0 and classified as problematic. This issue affects some unknown processing of the file /justificativas-de-falta. The manipulation of the argument Justificativa leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as problematic, has been found in SourceCodester Earnings and Expense Tracker App 1.0. This issue affects some unknown processing of the file LoginRegistration.php?a=register_user. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-224309 was assigned to this vulnerability.
A vulnerability has been found in SourceCodester Zoo Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/templates/animal_form_template.php. The manipulation of the argument msg leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Parking Management System 1.0. Affected by this issue is some unknown functionality of the file /ci_spms/admin/search/searching/. The manipulation of the argument search with the input "><script>alert("XSS")</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file /login.php of the component Login Page. The manipulation of the argument emailcookie/passwordcookie leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256036. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been declared as problematic. This vulnerability affects the function xssFilter of the file src/main/java/com/jeesite/common/codec/EncodeUtils.java of the component XSS Filter. The manipulation of the argument text leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 3585737d21fe490ff6948d913fcbd8d99c41fc08. It is recommended to apply a patch to fix this issue.
A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in Portabilis i-Educar 2.9.0. It has been classified as problematic. Affected is an unknown function of the file /module/ComponenteCurricular/edit?id=ID of the component Curricular Components Module. The manipulation of the argument Nome leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file hematology_print.php. The manipulation of the argument hem_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222331.
A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file birthing_print.php. The manipulation of the argument birth_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222484.
A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. This vulnerability affects unknown code of the file customer.php. The manipulation of the argument FIRST_NAME/LAST_NAME/PHONE_NUMBER leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222106 is the identifier assigned to this vulnerability.
A vulnerability has been found in Portabilis i-Educar 2.9.0/2.10.0. This vulnerability affects unknown code of the file /intranet/agenda.php of the component Agenda Module. The manipulation of the argument novo_titulo/novo_descricao leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as problematic, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file adminHome.php. The manipulation of the argument about_info leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223400.
A vulnerability has been found in Portabilis i-Diario 1.5.0 and classified as problematic. This vulnerability affects unknown code of the file /conteudos. The manipulation of the argument filter[by_description] leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in Rebuild up to 3.2.3 and classified as problematic. This vulnerability affects unknown code of the file /feeds/post/publish. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-223744.
A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. Affected is an unknown function of the file users.shtm. The manipulation of the argument Username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0.
A vulnerability classified as problematic was found in ZCMS 3.6.0. This vulnerability affects unknown code of the component Create Article Page. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as problematic was found in Scada-LTS up to 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file usersProfiles.shtm. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this issue and confirmed that it will be fixed in the upcoming release 2.8.0.
A vulnerability, which was classified as problematic, was found in PHPGurukul Online Banquet Booking System 1.0. This affects an unknown part of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This affects an unknown part of the file /intranet/educar_escola_lst.php of the component School Module. The manipulation of the argument Escola leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as problematic, was found in PHPGurukul Time Table Generator System 1.0. Affected is an unknown function of the file /admin/profile.php. The manipulation of the argument adminname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. This affects an unknown part of the component Display MFP Information List. The manipulation of the argument Model Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in LabRedesCefetRJ WeGIA 3.4.0 and classified as problematic. This vulnerability affects unknown code of the file /html/matPat/adicionar_unidade.php of the component Adicionar Unidade. The manipulation of the argument Insira a nova unidade leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255498 is the identifier assigned to this vulnerability.
A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /?p=products. The manipulation of the argument search leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255499.
A vulnerability classified as problematic was found in code-projects Responsive Blog 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search-report.php. The manipulation of the argument serachdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability, which was classified as problematic, has been found in SourceCodester FAQ Management System 1.0. Affected by this issue is some unknown functionality of the component Update FAQ. The manipulation of the argument Frequently Asked Question leads to cross site scripting. The attack may be launched remotely. VDB-255386 is the identifier assigned to this vulnerability.
A vulnerability classified as problematic was found in PHPGurukul Hospital Management System 4.0. Affected by this vulnerability is an unknown functionality of the file /doctor/manage-patient.php. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as problematic was found in SourceCodester FAQ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-faq.php. The manipulation of the argument question/answer leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255385 was assigned to this vulnerability.
A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as problematic, has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this issue is some unknown functionality of the file /check-status.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in LabRedesCefetRJ WeGIA 3.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /html/matPat/adicionar_tipoEntrada.php of the component Adicionar tipo. The manipulation of the argument Insira o novo tipo leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in Emlog up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin/article.php. The manipulation of the argument active_post leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in Venganzas del Pasado and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument the_title leads to cross site scripting. The attack may be launched remotely. The name of the patch is 62339b2ec445692c710b804bdf07aef4bd247ff7. It is recommended to apply a patch to fix this issue. VDB-216770 is the identifier assigned to this vulnerability.
A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. This issue affects some unknown processing of the file /data/insert_type.php. The manipulation of the argument Type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The patch is identified as 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability.
A vulnerability was found in code-projects Traffic Offense Reporting System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /save-reported.php. The manipulation of the argument offence_id/vehicle_no/driver_license/name/address/gender/officer_reporting/offence leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in code-projects Laundry System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /data/edit_type.php. The manipulation of the argument Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as problematic was found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /test-details.php of the component Take Action. The manipulation of the argument remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was found in java-aodeng Hope-Boot 1.0.0 and classified as problematic. This issue affects the function Login of the file /src/main/java/com/hope/controller/WebController.java. The manipulation of the argument errorMsg leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in PHPGurukul Rail Pass Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/add-pass.php. The manipulation of the argument fullname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.