#firefox

Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code.

SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php.

Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.

SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.

i2soft CMS version 2.0 suffers from an insecure direct object reference vulnerability.

helloGTX Travel Portal CRM version 1.6 suffers from an insecure direct object reference vulnerability.

FlatApp Premium Admin Dashboard version 1.0 suffers from a remote SQL injection vulnerability.

Greeva version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Easy Web Portal version 2.1.1 suffers from a cross site scripting vulnerability.

Easy Password Manager version 1.1 suffers from an administrative information disclosure vulnerability.