A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-controlled webpage. When an authenticated us…

An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen.

Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check.

Intrexx Portal Server before 12.0.2 allows XSS via a user-defined portlet.

GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE.

A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens.

A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurse Hiring System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fullname parameter.

Online Nurse Hiring System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component /admin/add-nurse.php via the gender and emailid parameters.

ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials.

An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution.