A stored cross-site scripting vulnerability exists in the Responsive E-Learning System 1.0, which allows an attacker to inject malicious JavaScript code into the application. By exploiting this vulnerability, an attacker can gain access to the application and execute malicious code on the victim's browser.
The 'id=' parameter in Responsive E-Learning System is vulnerable to Sql Injection.
A vulnerability in ManageEngine ADSelfService Plus could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists due to insufficient validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the targeted system. A successful exploit could allow the attacker to execute arbitrary code on the system with the privileges of the web server process.
GoldWave 5.70 is vulnerable to a buffer overflow vulnerability when a specially crafted file is opened. This can be exploited to execute arbitrary code by corrupting the SEH chain and overwriting the return address with a pointer to the malicious code. The vulnerability is triggered when a user opens a specially crafted file with the application.
The Istgah for Centerhost is vulnerable to a cross-site scripting (XSS) attack due to inadequate input sanitization. An attacker can exploit this vulnerability by injecting arbitrary script code into the browser of a victim user, within the context of the affected site. This can lead to the theft of authentication credentials and enable the attacker to launch further attacks.
RoundCube Webmail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in Kentico CMS. An attacker can exploit this issue by injecting arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other attacks.
Gelsheet is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The Daily Maui Photo Widget plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
chillyCMS is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow a remote attacker to obtain sensitive information or to execute arbitrary script code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible.