Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2023-37598: GitHub - sahiloj/CVE-2023-37598: CSRF vulnerability in issabel-pbx v.4.0.0-6 to delete any new virtual fax of users

A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function.

CVE
Open in Source
#csrf#vulnerability#windows#dos#git#php#auth
GHSA-667r-p4gg-7m2q: ImpressCMS Cross-site Scripting vulnerability

A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the `smile_code` parameter of the component `/editprofile.php`.

CVE-2023-37786: GitHub - CrownZTX/reflectedxss1: Reflected XSS Vulnerabilitiy in public_html/admin/configuration.php of Geeklog v2.2.2

Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of the /admin/configuration.php.

CVE-2023-37785: GitHub - CrownZTX/cve-description: ImpressCMS <= 1.4.5 is vulnerable to Stored Cross-Site Scripting (XSS) in ./editprofile.php

A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php.

CVE-2023-30151: [CVE-2023-30151] Improper neutralization of SQL parameters in the Boxtal (envoimoinscher) module from Boxtal for PrestaShop

A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote authenticated users to execute arbitrary SQL commands via the `key` GET parameter.

CVE-2023-37787: GitHub - CrownZTX/storedXSS: Geeklog v2.2.2 is vulnerable to Stored Cross-Site Scripting (XSS) in public_html/admin/router.php

Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php.

CVE-2023-37743: Teacher Subject Allocation Management System in PHP | Teacher Subject Allocation Management Project

A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box.

CVE-2023-37745: Maid Hiring Management System | Maid Hiring Management Project in PHP

A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component.

CVE-2023-31704: GitHub - d34dun1c02n/CVE-2023-31704

Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role.

CVE-2023-31705: Downloading Task Reminder System in PHP and MySQL Source Code Free Download?cve=title Code

A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter.