6.1
CVE-2024-12715 - Asgard Security Scanner <= 0.7 - Reflected XSS
The Asgard Security Scanner WordPress plugin through 0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.1
CVE-2024-12714 - Backlink Monitoring Manager <= 0.1.3 - Reflected XSS
The Backlink Monitoring Manager WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
4.2
CVE-2024-10815 - PostLists <= 2.0.2 - Reflected XSS
The PostLists WordPress plugin through 2.0.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
5.3
CVE-2025-0333 - leiyuxi cy-fast listData sql injection
A vulnerability, which was classified as critical, was found in leiyuxi cy-fast 1.0. Affected is the function listData of the file /sys/role/listData. The manipulation of the argument order leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the p…
6.9
CVE-2025-0331 - YunzMall HTTP POST Request ResetpwdController.php changePwd password recovery
A vulnerability, which was classified as critical, has been found in YunzMall up to 2.4.2. This issue affects the function changePwd of the file /app/platform/controllers/ResetpwdController.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to weak password r…
6.9
CVE-2025-0328 - KaiYuanTong ECT Platform HTTP POST Request runCode.php command injection
A vulnerability, which was classified as critical, has been found in KaiYuanTong ECT Platform up to 2.0.0. Affected by this issue is some unknown functionality of the file /public/server/runCode.php of the component HTTP POST Request Handler. The manipulation of the argument code leads to command i…
5.3
CVE-2024-13213 - SingMR HouseRent toAdminUpdateHousePage cross site scripting
A vulnerability classified as problematic was found in SingMR HouseRent 1.0. This vulnerability affects unknown code of the file /toAdminUpdateHousePage?hID=30. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may…
5.3
CVE-2024-13212 - SingMR HouseRent AddHouseController.java upload unrestricted upload
A vulnerability classified as critical has been found in SingMR HouseRent 1.0. This affects the function singleUpload/upload of the file src/main/java/com/house/wym/controller/AddHouseController.java. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the…
5.3
CVE-2024-13211 - SingMR HouseRent AdminController.java access control
A vulnerability was found in SingMR HouseRent 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. The manipulation leads to improper access controls. The attack may be launched remotely. Th…
5.1
CVE-2024-13210 - donglight bookstoreη΅εδΉ¦εη³»η»θ―΄ζ AdminBookController. java uploadPicture unrestricted upload
A vulnerability was found in donglight bookstoreη΅εδΉ¦εη³»η»θ―΄ζ 1.0. It has been declared as critical. Affected by this vulnerability is the function uploadPicture of the file src/main/java/org/zdd/bookstore/web/controller/admin/AdminBookController. java. The manipulation of the argument pictureFile leadsβ¦