In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script whi…

powertip.ts in Lila (for Lichess) before ab0beaf allows XSS in some applications because of an innerHTML usage pattern in which text is extracted from a DOM node and interpreted as HTML.

The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary controls DNS resolution for pginaloginserver.

Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /edit-brand.php?bid={brandId}.

Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the name, email, and mobile parameters.

Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the vehiclename, modelnumber, regnumber, vehiclesubtype, chasisnum, enginenumber' in the /admin/edit-vehicle.php component. This allows attackers to execute arbitrary code.

FluxBB 1.5.11 is vulnerable to Cross Site Scripting (XSS) in via the Forum Description Field in admin_forums.php.

Phpgurukul Vehicle Record Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/add-brand.php via the brandname parameter.

An issue was discovered in Insyde InsydeH2O kernel 5.2 before version 05.29.50, kernel 5.3 before version 05.38.50, kernel 5.4 before version 05.46.50, kernel 5.5 before version 05.54.50, kernel 5.6 before version 05.61.50, and kernel 5.7 before version 05.70.50. In VariableRuntimeDxe driver, SmmUp…

A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php