| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB 2.42EC SP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the em parameter. |
| Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute FAQ Manager .NET 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the question parameter. |
| Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php. |
| SQL injection vulnerability in print.php in SaphpLesson 2.0 allows remote attackers to execute arbitrary SQL commands via the lessid parameter. |
| Multiple SQL injection vulnerabilities in akocomment.php in AkoComment 2.0 module for Mambo, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) acname or (2) contentid parameter. |
| SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter. |
| Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. |
| Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) password parameter in admin/index.php. |
| Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi. |
| Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php. |
| Cross-site scripting (XSS) vulnerability in accountlogon.cfm in classifiedZONE 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rtn parameter. |
| Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS (formerly DRZES) 3.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dedicatedPlanID parameter to dedicated_order.php, (2) sharedPlanID parameter to shared_order.php, (3) plan_id parameter to customers/server_management.php, and (4) email field to customers/forgotpass.php. |
| fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL. |
| Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive information via a direct request to include/lang-en.php, which reveals the full installation path. |
| Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire (Directory) 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter). |
| Cross-site scripting (XSS) vulnerability in genmessage.php in Accounting Receiving and Inventory Administration (ARIA) 0.99-6 allows remote attackers to inject arbitrary web script or HTML via the Message Field (message parameter). |
| Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the (1) Event, (2) Description, (3) Time, (4) Website, and (5) Public Remarks fields to (a) eventpublisher_admin.htm and (b) eventpublisher_usersubmit.htm. |
| UPOINT @1 Event Publisher stores sensitive information under the web document root with insufifcient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt. |
| Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (aphpkb) 0.57 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword_list parameter to (a) index.php; (2) title, (3) article, (4) author, and (5) keywords parameters to (b) submit_article.php; and (6) Question, (7) Name, and (8) Email parameters to (c) submit_question.php. |
