#windows

Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code.

Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login.

File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module.

An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execute arbitrary code via the font_type parameter to setup.php.

OutSystems Service Studio version 11.53.30 suffers from a dll hijacking vulnerability.

i2soft CMS version 2.0 suffers from an insecure direct object reference vulnerability.

helloGTX Travel Portal CRM version 1.6 suffers from an insecure direct object reference vulnerability.

FlatApp Premium Admin Dashboard version 1.0 suffers from a remote SQL injection vulnerability.

Greeva version 2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Easy Web Portal version 2.1.1 suffers from a cross site scripting vulnerability.