A stored cross-site scripting (XSS) vulnerability in Computer Laboratory Management System v1.0 allows attackers to execute arbitrary JavaScript code by including malicious payloads into “remarks”, “borrower_name”, “faculty_department” parameters in /classes/Master.php?f=save_record.
A vulnerability classified as problematic has been found in SourceCodester Grade Point Average GPA Calculator 1.0. This affects an unknown part of the file index.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224631.
A vulnerability classified as problematic has been found in SourceCodester Simple Task Allocation System 1.0. Affected is an unknown function of the file LoginRegistration.php?a=register_user. The manipulation of the argument Fullname leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-224244.
A vulnerability has been found in SourceCodester Online Pet Shop We App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /pet_shop/admin/orders/update_status.php. The manipulation of the argument oid with the input 1"><script>alert(1111)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221800.
A vulnerability, which was classified as problematic, has been found in xuliangzhan vxe-table up to 3.7.9. This issue affects the function export of the file packages/textarea/src/textarea.js of the component vxe-textarea. The manipulation of the argument inputValue leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.7.10 is able to address this issue. The patch is named d70b0e089740b65a22c89c106ebc4627ac48a22d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-266123.
A vulnerability, which was classified as problematic, was found in SourceCodester File Tracker Manager System 1.0. This affects an unknown part of the file normal/borrow1.php. The manipulation of the argument id with the input 1"><script>alert(1111)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222663.
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/traveller_details.php. The manipulation of the argument address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222983.
A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219717 was assigned to this vulnerability.
A vulnerability classified as problematic has been found in SourceCodester Online Student Management System 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument adminname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222984.
A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file hematology_print.php. The manipulation of the argument hem_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222331.
A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has been classified as problematic. This affects the function sandbox_body_class of the file functions.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.6.1 is able to address this issue. The identifier of the patch is 8045b1e10970342f558b2c5f360e0bd135af2b10. It is recommended to upgrade the affected component. The identifier VDB-225357 was assigned to this vulnerability.
A vulnerability, which was classified as problematic, was found in SourceCodester Best POS Management System 1.0. Affected is an unknown function of the file index.php?page=add-category. The manipulation of the argument Name with the input "><img src=x onerror=prompt(document.domain);> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-221592.
A vulnerability has been found in SourceCodester Canteen Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file createcustomer.php of the component Add Customer. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219730 is the identifier assigned to this vulnerability.
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input "><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219596.
A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. It has been declared as problematic. This vulnerability affects the function query of the file admin/user/list.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222982 is the identifier assigned to this vulnerability.
A vulnerability classified as problematic was found in SourceCodester Health Center Patient Record Management System 1.0. This vulnerability affects unknown code of the file admin/fecalysis_form.php. The manipulation of the argument itr_no leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222220.
A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file birthing_print.php. The manipulation of the argument birth_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222484.
A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. This vulnerability affects unknown code of the file customer.php. The manipulation of the argument FIRST_NAME/LAST_NAME/PHONE_NUMBER leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222106 is the identifier assigned to this vulnerability.
A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add User Account. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222870 is the identifier assigned to this vulnerability.
A vulnerability, which was classified as problematic, has been found in Hsycms 3.1. Affected by this issue is some unknown functionality of the file controller\cate.php of the component Add Category Module. The manipulation of the argument title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222842 is the identifier assigned to this vulnerability.
A vulnerability, which was classified as problematic, was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. This affects an unknown part of the file /spgpm/updateListing. The manipulation of the argument spgLsTitle leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.2 is able to address this issue. It is recommended to upgrade the affected component.
A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451.
A vulnerability, which was classified as problematic, has been found in dpup fittr-flickr. This issue affects some unknown processing of the file fittr-flickr/features/easy-exif.js of the component EXIF Preview Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is 08875dd8a2e5d0d16568bb0d67cb4328062fccde. It is recommended to apply a patch to fix this issue. The identifier VDB-218297 was assigned to this vulnerability.
A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been classified as problematic. This affects an unknown part of the component New Record Handler. The manipulation of the argument Firstname/Middlename/Lastname/Suffix/Nationality/Doctor Fullname/Doctor Suffix with the input "><script>prompt(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-221739.
A vulnerability, which was classified as problematic, was found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file /classes/Users.php?f=save. The manipulation of the argument middlename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258915.
DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add Supplier Handler. The manipulation of the argument company_name/province/city/phone_number leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222330 is the identifier assigned to this vulnerability.
A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The identifier of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability.
A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-219334 is the identifier assigned to this vulnerability.
A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was assigned to this vulnerability.
The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
A vulnerability was found in ityouknow favorites-web. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218294 is the identifier assigned to this vulnerability.
A vulnerability was found in sequentech admin-console up to 6.1.7 and classified as problematic. Affected by this issue is some unknown functionality of the component Election Description Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 7.0.0-beta.1 is able to address this issue. The patch is identified as 0043a6b1e6e0f5abc9557e73f9ffc524fc5d609d. It is recommended to upgrade the affected component. VDB-258782 is the identifier assigned to this vulnerability.
A vulnerability, which was classified as problematic, was found in earclink ESPCMS P8.21120101. Affected is an unknown function of the component Content Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-218154 is the identifier assigned to this vulnerability.
A vulnerability was found in DataGear up to 4.5.1. It has been classified as problematic. This affects an unknown part of the component Diagram Type Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224673 was assigned to this vulnerability.
A vulnerability was found in librespeed speedtest up to 5.2.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file results/stats.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. Upgrading to version 5.2.5 is able to address this issue. The patch is named a85f2c086f3449dffa8fe2edb5e2ef3ee72dc0e9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-246643.
A vulnerability has been found in snoyberg keter up to 1.8.1 and classified as problematic. This vulnerability affects unknown code of the file Keter/Proxy.hs. The manipulation of the argument host leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.8.2 is able to address this issue. The name of the patch is d41f3697926b231782a3ad8050f5af1ce5cc40b7. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217444.
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.</p> <p>The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user.</p> <p>The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.</p>
A vulnerability was found in code-projects Online Book System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Product.php. The manipulation of the argument value leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258206 is the identifier assigned to this vulnerability.
A vulnerability was found in mportuga eslint-detailed-reporter up to 0.9.0 and classified as problematic. Affected by this issue is the function renderIssue in the library lib/template-generator.js. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The patch is identified as 505c190efd4905990db6207863bdcbd9b1d7e1bd. It is recommended to apply a patch to fix this issue. VDB-226310 is the identifier assigned to this vulnerability.
A vulnerability classified as problematic was found in qkmc-rk redbbs 1.0. Affected by this vulnerability is an unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250237 was assigned to this vulnerability.
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2).
A vulnerability was found in MyCMS. It has been classified as problematic. This affects the function build_view of the file lib/gener/view.php of the component Visitors Module. The manipulation of the argument original/converted leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named d64fcba4882a50e21cdbec3eb4a080cb694d26ee. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218895.
A vulnerability was found in icplayer up to 0.818. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addons/Commons/src/tts-utils.js. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.819 is able to address this issue. The patch is identified as fa785969f213c76384f1fe67d47b17d57fcc60c8. It is recommended to upgrade the affected component. VDB-222290 is the identifier assigned to this vulnerability.
A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.3.0-20220417 is able to address this issue. The name of the patch is 26bf307d3658d1403cfd5c3ad423ce4c4d1cb2dc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220212.
A vulnerability was found in icplayer up to 0.819. It has been declared as problematic. Affected by this vulnerability is the function AddonText_Selection_create of the file addons/Text_Selection/src/presenter.js. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.820 is able to address this issue. The identifier of the patch is 2223628e6db1df73f6d633d2c0422d995990f0a3. It is recommended to upgrade the affected component. The identifier VDB-222289 was assigned to this vulnerability.
A vulnerability classified as problematic has been found in qkmc-rk redbbs 1.0. Affected is an unknown function of the component Post Handler. The manipulation of the argument title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250236.
In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email mail@example.com, verify it, change it to the mail another@domain.com and stay verified and enabled. This may lead to having accounts addressed to totally different emails, that were verified. Note, that this way one is not able to take over any existing account (guest or normal one). The issue has been patched in Sylius 1.6.9, 1.7.9 and 1.8.3. As a workaround, you may resolve this issue on your own by creating a custom event listener, which will listen to the sylius.customer.pre_update event. You can determine that email has been changed if customer email and user username are different. They are synchronized later on. Pay attention, to email changing behavior for administrators. You may need to skip this logic for them. In order to achieve this, you should either check master request path info, if it does not contain /admin prefix or adjust event triggered during customer update in the shop. You can find more information on how to customize the event here.