CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.0 that allows cross site scripting (XSS) attacks through manipulation of the img argument in the file /index.php?controller=GzUser&action=edit&id=1. The attack can be initiated remotely.
A vulnerability has been found in GZ Scripts Availability Booking Calendar PHP 1.0 that allows cross site scripting (XSS) attacks through manipulation of the promo_code argument in the index.php file. The attack can be launched remotely.
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.
The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This allows unauthenticated attackers to decrypt and view the meeting id and password.
A vulnerability was found in phpscriptpoint Lawyer 1.6, classified as problematic. It affects an unknown part of the file search.php and leads to cross site scripting.
TYPO3 is a PHP-based content management system that had a vulnerability in versions from 9.4.0 to 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, allowing out-of-scope access to content in multi-site scenarios. This enabled visitors to access internal site content by manipulating HTTP query parameters in the URL.
A vulnerability was found in phpscriptpoint Lawyer 1.6, affecting some unknown functionality of the file page.php. The manipulation leads to cross site scripting (XSS) attacks that can be launched remotely.
A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 that allows cross site scripting via manipulation of the id argument in the /admin/edit-accepted-appointment.php file. The attack can be initiated remotely.
A vulnerability was found in Campcodes Beauty Salon Management System 1.0 that allows cross-site scripting (XSS) attacks through manipulation of the adminname argument in the /admin/admin-profile.php file.
A vulnerability was found in Campcodes Beauty Salon Management System 1.0 that allows cross site scripting (XSS) attacks through manipulation of the searchdata argument in the /admin/search-appointment.php file. The attack can be launched remotely.
A vulnerability was found in Campcodes Beauty Salon Management System 1.0 that allows cross-site scripting (XSS) attacks through manipulation of the inv_id argument in the /admin/invoice.php file.
A vulnerability was found in Campcodes Beauty Salon Management System 1.0 that allows cross site scripting attacks through manipulation of the id argument in the /admin/edit_category.php file.
A vulnerability has been found in Campcodes Beauty Salon Management System 1.0, allowing cross site scripting through manipulation of the id argument in the /admin/edit_product.php file. The attack can be initiated remotely.
A vulnerability classified as problematic was found in Campcodes Beauty Salon Management System 1.0. Manipulation of the 'name' argument in the /admin/add-category.php file leads to cross site scripting.
REDCap versions 12.0.26 LTS and 12.3.2 Standard allow SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.
A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages, leading to an infinite loop and causing a denial of service.
A vulnerability was found in Travelmate Travelable Trek Management Solution 1.0 in the Comment Box Handler functionality, allowing for cross-site scripting (XSS) attacks through manipulation of the comment argument. The attack may be launched remotely, but its exploitation is complex.
A vulnerability was found in phpscriptpoint Insurance 1.2, affecting an unknown functionality of the file /search.php. The manipulation leads to cross site scripting (XSS) attacks.
A vulnerability was found in phpscriptpoint Insurance 1.2, classified as problematic. It affects an unknown function of the file /page.php, leading to cross site scripting attacks.
A vulnerability has been found in phpscriptpoint Car Listing version 1.6, affecting unknown code in the /search.php file. Manipulation of the argument country/state/city leads to cross site scripting.

