#php

A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php.

The Short URL plugin for WordPress is vulnerable to stored Cross-Site Scripting via the 'comment' parameter due to insufficient input sanitization and output escaping in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Chemex through 3.7.1 is vulnerable to arbitrary file upload.

Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters.

PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).

PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course.

PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS).

PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS).

Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information.

NewsLetter Script version 2.4 suffers from a cross site scripting vulnerability.